DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/19 SECURITY POLICY FOR SENSITIVE COMPARTMENTED INFORMATION (SCI) (U)
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP87B01034R000500180041-7
Release Decision:
RIFPUB
Original Classification:
C
Document Page Count:
31
Document Creation Date:
December 19, 2016
Document Release Date:
September 29, 2005
Sequence Number:
41
Case Number:
Publication Date:
April 14, 1982
Content Type:
DCID
File:
Attachment | Size |
---|---|
![]() | 2.05 MB |
Body:
Approved For ReleaseMIDENIFIALB01034R00050W041-7
Arr: 14 Apr 82
DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/191
SECURITY POLICY FOR
SENSITIVE COMPARTMENTED INFORMATION (SCI) (U)
(Effective 1982)
Pursuant to Section 102 of the National Security Act of 1947, ap-
plicable Executive Orders, and National Security Council Intelligence
Directives, this directive and the attached manual establish security
policy for the security, use, and dissemination of Sensitive Compart-
mented Information (SCI). (U)
1. Applicability
The controls and procedures in this directive and the attached
manual shall be applied by all Intelligence Community agencies. In-
telligence Community agencies which release or provide SCI to contrac-
tors, consultants, or other government departments or agencies shall
ensure beforehand that the intended recipients agree to follow this
policy in their own handling and accountability of SCI.
Policy and procedures in this directive shall be reflected in
other Intelligence Community directives relative to this matter.
This directive is not intended to intrude on the authority of Ex-
ecutive Agents or other operational program directors who will continue
to prescribe basic operational direction for programs under their
cognizance. (U)
2. General
Specific guidance on what information should be classified and
protected as SCI is provided in other documents issued by or pursuant
to the authority of the Director of Central Intelligence. Principles
and details governing and defining information to be protected by a
specified SCI control system shall be included in system manuals and
regulations. Such documentation shall also include instructions for
decompartmentation, sanitization, release to foreign governments,
emergency use (when those actions are feasible and permissible), and
additional security policy for the protection of information controlled
in SCI sUbcompartments. (U)
3. Finished Intelligence Products
In order to improve protection of intelligence sources and methods
that have been determined to warrant special control, all intelligence
1This directive supersedes DCID No. 1/19, effective 6 June
1978.
CLASSIFIED BY:
DECLASSIFY ON: ORIGINATING
AGENCY'S DETERMINATION REQUIRED
Approved For Release 2005/12/14 VIR7B01034R000500180041-7
CONFID E
Approved For Release tkelIFIDEI4.lflAtB01034R000500180041-7
production elements shall take special care to ensure that data on such
sources and methods are excluded to the extent possible from finished
intelligence products. To provide this protection, producers of
finished intelligence shall:
a. Avoid production which must be handled in compartments in-
tended to protect collection efforts (e.g., B) because it limits the
utility of the product and/or results in proliferation of access to
collection system-oriented compartments.
b. Abide by the total prohibition against using in a product-
oriented compartment (e.g., TK) any SCI that has been identified as
warranting compartmentation in a collection-oriented special access
program (e.g., B). Such practice voids the utility of separating
sources and methods from product information.
c. Ensure that unavoidable references to SCI sources are as
non-specific as practicable.
Generalized discussion of compartmented collection capabilities is
permitted in finished intelligence products provided that the products
are themselves compartmented. Discussion of specific details concern-
ing collection system sources or methods which are protected by special
access programs should not normally be contained in finished intelli-
gence. When treatment of a particular subject in finished intelligence
products requires detailed discussion of compartmented sources and
methods, a special supplement, appropriately controlled, is the prefer-
red vehicle. Finished intelligence may contain discussion of gaps in
intelligence collection on specific problems or areas, of the general
capabilities of collection systems to provide indications warning and
as a measurement of the reliability of sources to the extent that
analytical judgments would be effected.
The policy of constraint on the use of compartmented information
on sources and methods in finished intelligence products applies to all
Intelligence Community publications, including the National Intelli-
gence Daily, Interagency Memoranda, National Intelligence Estimates
and Alert Memoranda. It also applies to all the finished intelligence
production of individual agencies, including formal and informal memo-
randa and studies. (C)
(DRAFT)
WILLIAM J. CASEY
Director of Cental Intelligence
Attachment:
DCI Security Policy Manual
for SCI Control Systems
2
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For ReleasecoNFIDENTFIAtpoi 034R000500180041-7
DIRECTOR OF CENTRAL INTELLIGENCE
SECURITY POLICY MANUAL FOR
SCI CONTROL SYSTEMS
[Attachment to DCID 1/19, "Security Policy for Sensitive
Compartmented Information (SCI)"]
TABLE OF CONTENTS
Introduction
Definitions
PERSONNEL SECURITY
Paragraph Page
1
1 1
General
2
Need-to-Know Policy
3
Standards
4
SCI Nondisclosure Agreements (NdAs)
5
Recording Indoctrinations and Debriefings
?
?
?
?
6
Access Approvals
7
Central Registry
8
Security Indoctrination and Education
9
Foreign Contacts
10
SCI Travel and Assignment Security Policy
.
?
?
?
11
PHYSICAL SECURITY
Construction and Protection Standards
Accreditation of SCIFs
Emergency Plans
Two-Person Rule
12
13
14
15
TECHNICAL SECURITY
Technical Surveillance Countermeasures 16
Compromising Emanations Control Security
(TEMPEST) 17
Automated Data Processing (ADP) Security 18
SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS
SCI Special Security Offices and/or Control
Centers 19
SCI Special Security/Control Officers 20
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release
F1DEIMALB01034R000500180Q41-7
DRAFT: 14 Apr 82
DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/191
SECURITY POLICY FOR
SENSITIVE COMPARTMENTED INFORMATION (SCI) (U)
(Effective 1982)
Pursuant to Section 102 of the National Security Act of 1947, ap-
plicable Executive Orders, and National Security Council Intelligence
Directives, this directive and the attached manual establish security
policy for the security, use, and dissemination of Sensitive Compart-
mented Information (SCI). (U)
1. Applicability
The controls and procedures in this directive and the attached
manual shall be applied by all Intelligence Community agencies. In-
telligence Community agencies which release or provide SCI to contrac-
tors, consultants, or other government departments or agencies shall
ensure beforehand that the intended recipients agree to follow this
policy in their own handling and accountability of SCI.
Policy and procedures in this directive shall be reflected in
other Intelligence Community directives relative to this matter.
This directive is not intended to intrude on the authority of Ex-
ecutive Agents or other operational program directors who will continue
to prescribe basic operational direction for programs under their
cognizance. (U)
2. General
Specific guidance on what information should be classified and
protected as SCI is provided in other documents issued by or pursuant
to the authority of the Director of Central Intelligence. Principles
and details governing and defining information to be protected by a
specified SCI control system shall be included in system manuals and
regulations. Such documentation shall also include instructions for
decompartmentation, sanitization, release to foreign governments,
emergency use (when those actions are feasible and permissible), and
additional security policy for the protection of information controlled
in SCI subcompartments. (U)
3. Finished Intelligence Products
In order to improve protection of intelligence sources and methods
that have been determined to warrant special control, all intelligence
1This directive supersedes DCID No. 1/19, effective 6 June
1978.
CLASSIFIED BY:
DECLASSIFY ON: ORIGINATING
AGENCY'S DETERMINATION REQUIRED
Approved For ReleasedMECAPCB01034R000500180041-7
Approved For Release CONFIDENITAIT01034R000500180041-7
production elements shall take special care to ensure that data on such
sources and methods are excluded to the extent possible from finished
intelligence products. To provide this protection, producers of
finished intelligence shall:
a. Avoid production which must be handled in compartments in-
tended to protect collection efforts (e.g., B) because it limits the
utility of the product and/or results in proliferation of access to
collection system-oriented compartments.
b. Abide by the total prohibition against using in a product-
oriented compartment (e.g., TK) any SCI that has been identified as
warranting compartmentation in a collection-oriented special access
program (e.g., B). Such practice voids the utility of separating
sources and methods from product information.
C. Ensure that unavoidable references to SCI sources are as
non-specific as practicable.
Generalized discussion of compartmented collection capabilities is
permitted in finished intelligence products provided that the products
are themselves compartmented. Discussion of specific details concern-
ing collection system sources or methods which are protected by special
access programs should not normally be contained in finished intelli-
gence. When treatment of a particular subject in finished intelligence
products requires detailed discussion of compartmented sources and
methods, a special supplement, appropriately controlled, is the prefer-
red vehicle. Finished intelligence may contain discussion of gaps in
intelligence collection on specific problems or areas, of the general
capabilities of collection systems to provide indications warning and
as a measurement of the reliability of sources to the extent that
analytical judgments would be effected.
The policy of constraint on the use of compartmented information
on sources and methods in finished intelligence products applies to all
Intelligence Community publications, including the National Intelli-
gence Daily, Interagency Memoranda, National Intelligence Estimates
and Alert Memoranda. It also applies to all the finished intelligence
production of individual agencies, including formal and informal memo-
randa and studies. (C)
(DRAFT)
WILLIAM J. CASEY
Director of Cental Intelligence
Attachment:
DCI Security Policy Manual
for SCI Control Systems
2
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release
M
qs
? ?
F1BENTFIlAt71301034R000500180041-7
DIRECTOR OF CENTRAL INTELLIGENCE
SECURITY POLICY MANUAL FOR
SCI CONTROL SYSTEMS
[Attachment to DCID 1/19, "Security Policy for Sensitive
Compartmented Information (SCI)"]
TABLE OF CONTENTS
Introduction
Definitions
Paragraph ?age
1
1 1
PERSONNEL SECURITY
General
2
Need-to-Know Policy
Standards
4
SCI Nondisclosure Agreements (NdAs)
5
Recording Indoctrinations and Debriefings
. .
.
.
6
Access Approvals
7
Central Registry
8
Security Indoctrination and Education
9
Foreign Contacts
10
SCI Travel and Assignment Security Policy
?
?
?
11
PHYSICAL SECURITY
Construction and Protection Standards
12
Accreditation of SCIFs
13
Emergency Plans
14
Two-Person Rule
15
TECHNICAL SECURITY
Technical Surveillance Countermeasures
16
Compromising Emanations Control Security
(TEMPEST)
17
Automated Data Processing (ADP) Security
18
SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS
SCI Special Security Offices and/or Control
Centers 19
SCI Special Security/Control Officers 20
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release goNFIDEN-TtA4/1301034R000500180041-7
INFORMATION SECURITY
Paragraph
Standard Classification Marking Requirements
.
.
21
SCI Caveats, Codewords, and Designators
22
Dissemination Control Markings
23
Portion Marking
24
Letters of Transmittal
25
SCI Control Numbers
26
Specialized Media
27
Cover Sheets
28
SCI Accountability and Control Procedures ? ?
?
?
29
Temporary Release of SCI Outside a SCIF
30
Audits and Inventories
31
Reproduction
32
Transmission
33
Destruction of SCI
34
RELEASE OF SCI TO CONTRACTORS/CONSULTANTS
Policy
35
Foreign Ownership/Dominance
36
LEGISLATIVE BRANCH ACCESS TO SCI
Policy
37
Verification Requirement
38
Access Approval Procedures
39
Handling and Storage of SCI
40
Marking SCI Released to Congress
41
JUDICIAL BRANCH ACCESS TO SCI
Policy
42
SCI Access Verification
43
SCI Access Eligibility Determination Procedures
44
Handling and Storage of SCI
45
Additional Details
46
SCI SECURITY VIOLATIONS/COMPROMISES
Individual Responsibilities
47
Investigations
48
Corrective Action
49
INSPECTIONS
Policy
50
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Page
Approved For Release
'111!
FID:EN11AL7B01034R000500180041-7
SECURITY POLICY MANUAL FOR
SCI CONTROL SYSTEMS
Introduction
This manual contains security policy and procedures common to the
several SCI control systems for the protection of intelligence informa-
tion. Users should refer to DCIDs and other documents referenced
herein for specific guidance on the functional areas they cover.
Users are also reminded that they should*refer to the applicable SCI
control system manuals or directives for guidance on what information
is to be classified at what level and protected by compartmentation.
Questions on this manual should be directed to the DCI Security
Committee (SECOM) if not answerable by security components of Intelli-
gence Community organizations.
As this manual sets forth security policy and procedures for SCI
control systems, it merits and warrants the overall classification of
CONFIDENTIAL in its totality. Individual paragraphs may be excised
for use at the unclassified level by Senior Officials of the Intelli-
gence Community (SOICs), Senior Intelligence Officers (SI0s), their
designees, or SCI Special Security/Control Officers, when considered
appropriate.
1
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release e9iFIDERALB01034R000500180041-7
1. Definitions
?a. Document?any recorded information regardless of its physical
form or characteristics, including, without limitation, written or
printed matter, automated data-processing storage media, maps, charts,
paintings, drawings, photos, engraving, sketches, working notes and
papers, reproductions of such things by any means or process, and
sound, voice, magnetic or electronic recordings in any form.
b. Hard Copy Document?any document that is initially published
and distributed by the originating component in paper form and that is
not stored or transmitted by electrical means.
c. Intelligence Community--those United States organizations and
activities identified in Executive Order 12333 or successor order as
making up such community.
d. Raw Intelligence--collected intelligence information which has
not yet been converted into intelligence.
e. Sensitive Compartmented Information (SCI)--all information and
materials requiring special community controls indicating restricted
handling within present and future community intelligence collection
programs and their end products. These special Community controls are
formal systems of restricted access established by the Director of Cen-
tral Intelligence (DCI) to protect the sensitive aspects of sources,
methods and analytical procedures of foreign intelligence programs.
The term does not include Restricted Data as defined in Section II,
Public Law 585, Atomic Energy Act of 1954, as amended.
f. SCI Facility (SCIF)--an accredited area, room, group of rooms,
or installations where SCI may be stored, used, discussed and/or
electronically processed.
g. Senior Intelligence Officer (SIO)--the highest ranking indi-
vidual who is charged with direct foreign intelligence missions/func-
tions/responsibilities within a component, command, or element of an
Intelligence Community organization. When an SIO has been delegated
authorities provided for in this manual by a Senior Official of the
Intelligence Community (SOIC), the SIO will be responsible for imple-
menting the policies and procedures of this manual for his/her respec-
tive Intelligence Community component.
h. Senior Officials of the Intelligence Community (SOIC)--for the
purposes of this manual, SOICs are defined as the heads of organiza-
tions within the Intelligence Community, as defined by Executive Order
12333, or their designated representatives. Formerly known as Intel-
ligence Community Senior Intelligence Officers (SI0s).
PERSONNEL SECURITY
2. General. The protection of SCI is directly related to the thor-
oughness and effectiveness of the personnel security program applicable
2
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release
is
F1DERIALB01034R000500180041-7
to those individuals having access to such information. An interlock-
ing and mutually supporting series of program elements (e.g., need-to-
know, investigation and adjudication in accordance with DCID 1/14,
"Minimum Personnel Security Standards and Procedures Governing Eligi-
bility for Access to SCI," binding contractual obligations on those
granted access, security orientation and continuing security oversight)
can provide reasonable assurances against compromise of SCI by those
authorized access to it.
3. Need-to-Know Policy. The first personnel security principle in
safeguarding SCI is to ensure that only those persons with a clearly
identified need-to-know are granted access to it. Need-to-know is a
determination by an authorized holder of classified information that
access to specific classified material in his or her possession is _
required by one or more other persons to perform a specific and of-
ficially authorized function essential to accomplish a national secu-
rity task or as required by Federal Statute, Executive Order, or di-
rectly applicable regulation.
4. Standards. Personnel security standards, reporting of data bear-
ing on SCI eligibility, investigative requirements, reinvestigations,
adjudications, and supervisory security responsibilities shall be in
accordance with DCID 1/14.
5. SCI Nondisclosure Agreements (NdAs):
All persons holding or being given SCI access shall sign an, NdA.
Failure to sign an NdA is cause to deny or revoke existing SCI access
for the refusing person. The NdA establishes explicit obligations on
both the Government and the individual signer in the interest of pro-
tecting SCI. Form 4193, "Sensitive Compartmented Information Nondis-
closure Agreement," is available for use. It includes a prepublication
review provision. Use of a prepublication review provision in any
alternative form of NdA is mandatory. Any department or agency elect-
ing to use an alternative form of NdA shall use it without exception
for all SCI accesses.
Further information on Form 4193 may be found in the July 1981
"Questions and Answers for Use with the Sensitive Compartmented Infor-
mation Nondisclosure Agreement" prepared for use by government and
industry security officers.
6. Recording Indoctrinations and Debriefings. Briefing officers
shall appropriately record certifications of all SCI indoctrinations
and debriefings they accomplish. Administrative guidance on NdAs,
indoctrination and debriefing forms, and related procedures shall be
specified by SOICs for areas under their cognizance.
7. Access Approvals. When need-to-know has been established and
investigative results have been satisfactorily adjudicated, SCI ac-
cesses shall be granted and formally recorded.
3
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release term EN1tAtB01034R000500180041-7
a. Authority. SCI accesses shall be granted by the SOIC having
cognizance of the persons involved. For persons in non-NFIB govern-
ment organizations, SCI accesses are granted by the DCI through the
CIA Special Security Center (SSC). Unless specifically delegated, ap-
proval authority for access to certain operational or collection sys-
tems is retained by the cognizant program manager, executive agent
or national authority. Administrative procedures governing the
granting of SCI accesses shall be specified by SOICs for their organi-
zations.
b. General SCI Access Approvals--"PROXIMITY." A "PROXIMITY" ac-
cess approval may be granted by, and at the discretion of, the cogni-
zant SOIC to persons who closely support SCI collection, processing
or use, but whose duties do not warrant granting substantive SCI access
approvals. PROXIMITY allows the holder to perform his or her duties
in support of any SCI control system provided the tasks do not involve
visual or aural access to clear text, intelligible SCI.
(1) PROXIMITY access approvals may also be granted, accord-
ing to the criteria in (2) below, when a person is authorized one or
more SCI access approvals. For example, substantive access to COMINT
may be required when PROXIMITY access will suffice for another SCI
access.
(2) Minimum criteria for PROXIMITY approval are:
(a) The nature of the individual's support to SCI in-
volves a substantial latent risk of exposure to SCI through inadvert-
ence or a deliberate effort by the individual.
(b) Approval for a specific SCI system or project would
provide the person more information than needed, either in the indoc-
trination or by virtue of the access approval, or both.
(c) The individual does not need to know substantive SCI
in order to perform his or her function and shall not receive access
in the normal course of his or her duties.
(d) The individual's potential for access is such that
personnel security assurances provided through investigations and
adjudication for collateral clearances are not deemed adequate by the
cognizant SOIC or designee.
(3) Persons determined by their SOIC to require PROXIMITY
approval shall be processed to DCID 1/14 personnel security stand-
ards. They shall be given a non-SCI revealing briefing notifying them
that their duties may bring them in close proximity to highly sensitive
government information; cautioning them to report to their security
officer any inadvertent access involving them; and providing them a
generalized description of the appearance of SCI documents (e.g.,
material may have color-coded cover sheets, and shall bear handling
system caveats) to enable them to recognize such material if it is
exposed to them.
4
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release GoNFIDENTIAtzB01034R000500180041-7
(4) NdAs are required of persons being granted PROXIMITY
approval to obligate them to observe the agreement's provisions with
respect to any SCI of which they might gain knowledge. If an inad-
vertent disclosure is made to a person with PROXIMITY approval, that
person shall be given a security briefing to ensure that he or she
understands the applicability of the NdA and his or her obligations
under it.
(5) SOICs shall administer PROXMIMITY approvals for those
persons they sponsor. Once granted, the PROXIMITY approval is valid
within the cognizance of the granting SOIC.
(6) To the extent that SOICs find it practicable, individuals
already holding substantive access approvals may be converted to PROX-
IMITY if they meet the tests for such. Those so converted shall be
cautioned not to discuss with other PROXIMITY approved persons their
previously acquired knowledge of SCI. SOICs are expected to exercise
prudence in extending PROXIMITY approvals to persons and positions not
now requiring SCI access approvals in order to avoid undue burden on
the SCI personnel security system. Substantive access approval re-
quests shall normally take precedence over PROXIMITY requests.
8. Central Registry. A Community-Wide, Computer Assisted, Compart-
mentation Control System (4C system) is being established by the DCI.
Each SOIC granting or terminating SCI accesses and PROXIMITY approvals
shall record such actions in the 4C system. SOICs are responsible to
establish procedures for the certification of SCI accesses to other
components.
9. Security Indoctrination and Education.
Prior to signing the NdA or being afforded access to SCI, persons
approved for SCI access shall be given a non-SCI revealing briefing on
the general nature and procedures for protecting the SCI to which they
will be exposed, advised of their obligations both to protect that
information and to report matters of security concern, and allowed to
express any reservations concerning the NdA or access to SCI.
Subsequent to signing the NdA, persons shall be fully indoctri-
nated on the aspects of the SCI to which they are authorized and have
a demonstrated need-to-know. All. persons granted SCI access shall
periodically be advised of their continuing security responsibilities
and of security threats they may encounter. DCI SECOM-D-543, July
1979, "Minimum Standards for Security Awareness Programs in the U. S.
Intelligence Community," provides guidance.
10. Foreign Contacts. Close, continuing personal associations with
foreign nationals by persons with SCI access are of security concern.
Persons with SCI access shall be informed of their continuing respon-
sibility to report all non-official contacts with representatives or
citizens of Communist-controlled countries and of other countries
which are hostile to the United States. SOICs shall ensure that their
5
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release ORIFIDENTRIMIB01034R000500180041-7
SCI-indoctrinated personnel are kept informed of which countries are
of concern in this regard. SCI-indoctrinated persons are also respon-
sible for reporting contacts with persons from other than Communist-
controlled or hostile countries whenever those persons show undue or
persistent interest in employment, assignment, or sensitive national
security matters. Contacts, or failure to report contacts, in either
of the above situations shall result in reevaluation of eligibility
for continued SCI access by the cognizant SOIC. Casual contacts aris-
ing from living in a community and which do not fall within either of
the above situations normally need not be reported.
?
11. SCI Travel and Assignment Security Policy. Persons with current
SCI access who plan unofficial travel to, or who are being assigned to
duty in, foreign countries and areas, particularly those identified in
DCID 1/20, "Security Policy Concerning Travel and Assignment of Per-
sonnel With Access To SCI," incur a special security obligation. This
includes requirements to provide advance notice of unofficial travel
and to be afforded appropriate defensive security briefings prior to
official assignment or unofficial travel. Minimum security policy ap-
plicable to such travel or assignment is stated in DCID 1/20.
PHYSICAL SECURITY
12. Construction and Protection Standards. All SCI must be stored
within accredited SCIFs. Physical security standards for the con-
struction and protection of such facilities are prescribed in NFIB/
NFIC-9.1/47, "U.S. Intelligence Community Physical Security Standards
for SCI Facilities," effective 23 April 1981, or successor policy
statements.
13. Accreditation of SCIFs. The DCI shall accredit all SCIFs except
where that authority has been specifically delegated or otherwise
provided for. The CIA Office of Security shall accredit SCIFs for
Executive Branch departments and agencies outside the Intelligence
Community and for the Legislative and Judicial Branches. The accredi-
tation shall state the category(ies) of SCI authorized to be stored/
processed in the SCIF. Accrediting officials shall maintain a physi-
cal security profile on each of their SCIFs to include data on any
waivers of standards.
14. Emergency Plans. Each accredited SCIF shall establish and main-
tain an approved emergency plan. This may be part of an overall de-
partment, agency, or installation plan, so long as it satisfactorily
addresses the considerations stated below. Emergency planning shall
also take account of fire, natural disasters, entrance of emergency
personnel (e.g., host country police and firemen) into a SCIF, and the
physical protection of those working in such SCIFs. Planning should
address the adequacy of protection and firefighting equipment, of
evacuation plans for persons and SCI, and of life-support equipment
(e.g., oxygen and masks) that might be required for personnel trapped
in vault-type SCIFs.
6
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release
pI
FID:ENTIALB01034R000500180041-7
a. In areas where political instability, host country attitude,
or criminal activity suggests the possibility that a SCIF might be
overrun by outsiders, emergency plans must provide for the secure
destruction/removal of SCI under adverse circumstances, to include
such eventualities as loss of electrical power, nonavailability of
open spaces for burning or chemical decomposition of material, and
immediate action to be taken if faced with mob attack. Where the risk
of overrun is significant, holdings of SCI must be reduced to, and
kept at, an absolute minimum needed for current working purposes, with
reference or background material to be obtained, when needed, from
other activities and to be returned or destroyed when it has served
its purpose.
b. Emergency plans shall be reviewed annually and updated as
necessary. All personnel shall be familiar with the plans. In areas
where political or criminal activity suggests the possibility that the
SCIF might be overrun by outsiders, drills shall be conducted as
local circumstances warrant but no less frequently than annually to
insure testing and adequacy of plans.
15. Two-Person Rule. NFIB/NFIC-9.1/47 establishes policy on this
subject, which is quoted below for ready reference:
"As a matter of policy, SCI Control Facilities (SCIFs) should be
staffed with sufficient people to deter unauthorized copying or il-
legal removal of SCI. SCIF designated communication centers, document
control centers (registries), and like facilities that handle or store
quantities of SCI must be manned while in operation by at least two
appropriately indoctrinated persons in such proximity to one another
as to provide mutual support in maintaining the integrity of the facil-
ity and the material stored therein. The granting by an SOIC of excep-
tions to this policy will be made a matter of record and should involve
consideration of the proven reliability and maturity of the persons
involved; the volume, variety and sensitivity of the holdings in the
facility; and whether or not the persons involved are subject to peri-
odic polygraph examinations as a condition of access. Exceptions for
communications centers, document control centers, and the like, should
be granted in only extraordinary circumstances. Routine work by a
lone individual in any SCIF is to be avoided. Contractors will provide
two person occupancy in all SCIFs not specifically exempted by the SOIC
of the Government sponsor."
When a SCIF is granted a waiver for long-term occupancy by a single
person, the responsible official shall also establish procedures to
ensure that periodic visual or oral checks are made to provide assur-
ances on the well-being of the single occupant. Duress alarms and/or
duress codes are considered valuable tools to assist in overcoming
problems associated with long-term occupancy of a SCIF by a single
person.
TECHNICAL SECURITY
7
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release ORIFIDENRAL7B01034R000500180041-7 '
16. Technical Surveillance Countermeasures. Responsible SOICs shall
ensure that technical surveillance countermeasures surveys are con-
ducted at their SCIFs at appropriate intervals. Briefings on technical
penetration threats shall be provided to personnel manning SCIFs.
17. Compromising Emanations Control Security (TEMPEST). All equipment
used to transmit, handle or process SCI electronically, including com-
munications, word-processing and automated data processing equipment,
must satisy the requirements of NCSC-4, "National Policy on Control
of Compromising Emanations" and NACSIM 5203, "TEMPEST Guidelines for
Facility Design and RED/BLACK Installations" (when published). Iden-
tified compromising emanations must be contained within appropriate
boundaries. Instrumented TEMPEST tests shall be conducted at appro-
priate intervals to insure compliance with NCSC-4 or successor policy:
18. Automated Data Processing (ADP) Security. All ADP equipment used
for processing, handling or storing SCI shall be operated and secured
in compliance with DCID 1/16, "Security of Foreign Intelligence in
Automated Data Processing Systems and Networks," or successor policy
directive.
SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS
19. SCI Special Security Offices and/or Control Centers. SCI Special
Security Offices and/or Control Centers, as appropriate, shall be
established to serve as the focal point(s) for the receipt, control
and accountability of SCI, and other SCI security functions for one or
more SCIFs in the local area. The number of such offices and/or cen-
ters shall be determined locally on the basis of practicality, number
SCIFs to be serviced, organizations involved, and common sense.
20. SCI Special Security/Control Officers. Appropriately SCI-indoc-
trinated Special Security Officers and/or SCI Control Officers (e.g.,
SS0s, TCOs and/or BC0s), and alternates thereto, shall be designated
to operate each SCI Special Security Office and/or Control Center.
Such officials shall normally have day-to-day SCI security cognizance
over their offices/centers and subordinate SCIFs, if any, for that SCI
authorized to be handled by organizations served by them. Responsible
SOICs shall provide appropriate training in SCI security policy and
procedures for their SCI special security/control officers and other
SCI registry/security personnel. -SCI Special Security/Control Officers
shall provide advice and assistance on SCI matters to their organiza-
tions and other activities being supported consistent with specific
responsibilities assigned by their SIOs. This may include one or more
of the following:
--Ensuring that SCI is properly accounted for, controlled,
transmitted, destroyed, packaged, and safeguarded.
--Giving advice and guidance on SCI classification matters,
sanitization, downgrading, decompartmentation, and
operational use.
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release 4ot4FIDEptitB01034R000500180041-7
--Ensuring that SCI is disseminated only to persons authorized
access to the material involved and having an established
need-to-know.
--Conducting or otherwise managing required SCI personnel and
physical security actions and procedures.
--Investigating SCI security infractions and preparing reports
and recommendations, as required.
--Maintaining listings of available SCI electrical and hard-
copy products, validating product requirements, and insur-
ing dissemination to 'authorized users.
--Conducting required supervision or interface with SCI tele--
communications centers, ADP facilities, and similar offices
to insure SCI security.
INFORMATION SECURITY
21. Standard Classification Marking Requirements. Apply standard
security classification markings (to include classification authority
and declassification markings) to SCI according to Executive Order
12356 or successor order and Executive Branch implementing directives.
SCI shall always bear the notation "ORIGINATING AGENCY'S DETERMINATION
REQUIRED (OADR)" in lieu of any specific date or event for declassifi-
cation.
22. SCI Caveats, Codewords, and Designators. Mark SCI with the appli-
cable SCI control system caveat at the bottom of all pages of hard copy
documents, to include the front and back covers, if any. Mark other
SCI documents as described elsewhere in this manual. If the material
is to be controlled in only one SCI control system, use either of the
following styles:
"HANDLE VIA
"HANDLE VIA
(name of SCI control system) CHANNELS ONLY"
(name of SCI control system) CONTROL CHANNELS"
If the material is to be controlled in two or more SCI control systems,
use the following style:
"HANDLE VIA (names of SCI control systems) CONTROL
CHANNELS JOINTLY"
Mark material warranting SCI codeword or operational program desig-
nator protection immediately following the security classification on
all pages containing such information.
23. Dissemination Control Markings. When applicable to their in-
formation content, mark SCI with the dissemination control markings in
9
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release taintrAtB01034R000500180041-7
the manner prescribed by DCID 1/7, "Control of Dissemination of Intel-
ligence Information."
24. Portion Marking. Each copy of an SCI document (excluding raw in-
telligence or working materials) that is transmitted outside the origi-
nating agency or department shall, by marking or other means, indicate:
(1) which portions are classified, with the applicable classification
level, and which portions are not classified; and (2) which portions
require SCI codewords, caveats, program designators, or DCID 1/7 con-
trol markings.
a. Abbreviations for classifications (i.e., "TS," "S," and "C,"
in descending order; "U" to designate unclassified items), authorized
digraph or other recognized abbreviations for codewords and product
indicators, authorized abbreviations for SCI control system caveats,
and DCID 1/7 control marking short abbreviations shall be used to show
the security protection requirements of portions.
b. Alternatively, such as in the case of documents all of whose
portions are of the same level of classification and control, a para-
graph or statement on the document may be used to indicate the secu-
rity protection requirements of document portions. Unless the useful-
ness of the document would suffer thereby, titles of SCI documents
shall be so worded as to avoid the need for compartmented control and
to minimize or eliminate the need for classification.
c. SOICs may grant waivers of the portion marking requirement for
contractor generated SCI when deemed necessary to alleviate an extreme
administrative and/or costly burden. Waivers shall not be considered
for any permanently valuable records of the Government, or for any in-
formation transmitted outside the contractor facility. Any informa-
tion transmitted outside the facility, where it may be used as a source
document in the derivative classification of other information, must
be portion marked before its transmittal. Further, any document upon
which the waiver is exercised shall be marked as follows:
"WARNING--THIS DOCUMENT SHALL NOT BE USED
AS A SOURCE FOR DERIVATIVE CLASSIFICATION"
25. Letters or Memoranda of Transmittal.
a. Classified Transmittal Letters. Mark transmittal letters that
contain classified information or SCI with the highest classification
and all SCI codewords, caveats, or control markings in the letter it-
self or any of its enclosures, with a notation such as the following:
"REGRADE AS (classification, caveat/codeword, etc)
WHEN SEPARATED FROM ENCLOSURE(S) AND UPON PHYSICAL REMOVAL
OF INAPPROPRIATE SCI CAVEATS, CODEWORDS, AND CONTROL MARKINGS"
In such cases, holders of the letter of transmittal letter must physi-
cally remove the inappropriate markings when the letter of transmittal
is separated from the enclosure(s).
10
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
prwrinrNTim
Approved For Release C9NFIDENRALB01034R000500180041-7
b. Unclassified Transmittal Letters. If a transmittal letter is
unclassified itself, but has one or more SCI enclosures, mark it with
the highest classification of the enclosure(s) and a prominent notation
such as the following:
"CONTAINS (SI/TK/B) INFORMATION--
UNCLASSIFIED WHEN APPENDED SCI DOCUMENTS ARE REMOVED"
In such cases, do not mark the letter of transmittal with the SCI code-
words or caveats contained on the enclosure(s).
26. SCI Control Numbers. Originators shall assign a control number
to any SCI documents intended for general distribution to other of-
fices, agencies, or commands, when use of a number is considered a
necessary adjunct to identification, control, or retrieval of the
material. Blocks of control numbers will be assigned to SOICs by the
CIA Compartmented Information Branch or other appropriate authority.
Control numbers, at a minimum, shall be placed in the designated block
on cover sheets and on the front cover (if any) and the title page (if
any)--or, if no cover or title page, on the first page.
a. Each control number shall consist of the identifying letters
of the name of the applicable control system, a number selected on a
"one up" basis from the block of numbers assigned to the control of-
fice, and the last two digits of the current year. When a document
contains SCI subject to two or more control systems, assign a control
number according to the established precedence of SCI systems. For
example, material containing BYE and TK or BYE and COMINT material
would be assigned a BYE number. Material containing TK and COMINT
would be assigned a TCS number. SOICs may prescribe special number-
ing procedures for contractor-originated SCI.
b. When a control number is used, also assign a copy number to
individual documents (e.g., copy 1 of 3 copies). Show the copy number
with the control number. Use a combination of digits and letters to
show reproduced copies (i.e., copy 1A, copy 4C, etc) or identify the
copies as "Series B," Series C," etc.
27. Specialized Media. Unless specifically excepted by the cognizant
SOIC, labeling requirements for SCI in specialized media are as cited
below. Material transmitted outside the originating agency shall be
in accordance with the following:
a. Automated Data Processing (ADP) Media. Each media item [e.g.,
demountable data and program storage media (magnetic tapes, disk packs,
floppy disks, magnetic cassettes), card decks, punched paper tapes,
and disk packs] containing SCI in recorded form shall be externally
labeled to show its classification and applicable SCI control system
caveats or codewords. Internal ADP media identification shall include
header and trailer blocks giving all security markings (i.e., clas-
sification; SCI system caveats, codewords, product indicators; and
DCID 1/7 control markings, as applicable).
11
Approved For Release 2005/12/14 : CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release CONIMENITAtB01034R000500180041-7
b. Photographic Media. Photography in roll, flat or other form
containing SCI shall be labeled with its classification and applicable
SCI control system caveats or codewords. For film in roll form, a
label giving the required data shall be placed on the end of the spool
flange, on the side of the spool container, and on the container cover
(if any), unless the container and its cover are transparent, in which
case no label is needed on the container or its cover if the flange
label is visible through the container. Roll film itself shall include
head and tail sequences giving all security markings applicable to the
contents. Positive film flats or slides shall bear individual internal
markings providing the classification and all applicable SCI and other
control markings. The frames of slides shall also be labeled with the
classification and applicable SCI caveats and codewords (which may be
abbreviated if necessary to fit in the space provided).
c. Microform Media:
(1) Microfiche. Each microfiche shall have a heading whose
elements are readable without magnification and which provides the
document title, classification, SCI control number, and, using standard
abbreviations, applicable SCI caveats and codewords and DCID 1/7 con-
trol markings. Individual microfiche shall be placed in colorcoded
envelopes indicative of the SCI control system(s) applicable to the
informational contents.
(2) Microfilm. Each roll of microfilm shall contain classi-
fication and control information at the beginning and end of the roll.
This may be in abbreviated form. Boxes containing processed film on
reels and film cartridges shall be labeled to show the document title
(generic title if more than one document is on the film), the highest
security classification of the contents, the SCI caveats and codewords
applicable to the filmed information, and any DCID 1/7 control markings
that may apply.
d. Electrically Transmitted Traffic. SCI transmitted by accred-
ited electrical or electronic means resulting in record copy material
shall be marked at the top and bottom of each page (to include each
segment of messages printed on perforated paper) with its security
classification, and labeled to show all applicable SCI caveats, code-
words and product designators, and any DCID 1/7 control markings that
apply. These markings shall be clearly shown consistent with the
design of the message format being used, except that the overall clas-
sification and applicable SCI caveat or codeword(s) and product indi-
cator(s), and DCID 1/7 control markings shall precede the text of the
message. Paragraph 21 on downgrading data and paragraph 24 on portion
marking shall be applied in the case of record SCI traffic.
e. Files, Folders, or Groups of Documents. Files, folders or
groups of documents shall be conspicuously marked to assure the protec-
tion of all .SCI contained therein. Such material shall be marked on
the file folder tab or other prominent location or affixed to an ap-
propriate SCI cover sheet.
12
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release goNfiDENNAboi034R000500180041-7
28. Cover Sheets. When it is necessary to guard against unauthorized
disclosure to persons not possessing appropriate SCI accesses, sepa-
rate cover sheets shall be used. Cover sheets shall show, by color or
other immediately recognizable format or legend, what SCI control sys-
tem, or combination of systems, they apply to, and other applicable
markings.
29. SCI Accountability and Control Procedures. Each SCIF shall main-
tain systems of accountability sufficient to provide for the security
of SCI disseminated, received or retained by its activity, and to as-
sist in the investigation of compromises of SCI documents.
a. Records: 4
(1) Records for Incoming SCI. Except as provided in b below,
a record shall be kept of all SCI documents received by a SCIF for at
least 6 months after receipt of the material. Records shall identify
the material by control and copy number (if used), originator, a brief
description of the material, and the identity of office(s) within the
SCIF that received the material. This will normally be satisfied by
keeping copies of receipts or other records that provide necessary
identifying data. For electrically received record traffic, this
requirement may be fulfilled through retention of standard telecom-
munications center records for at least 6 months.
Subsequent to this process, no further accountability
records or administrative controls (e.g., internal receipting among
activities in the same SCIF, access records, destruction certificates)
are necessary for SCI security purposes while SCI documents are main-
tained in or accountable to a receiving SCIF.
(2) Outgoing SCI. Except as provided in b below, a receipt
shall be retained and a record kept for all SCI physically dispatched
from the SCIF for the preceding 2 year period. Receipts shall identify
the material by control and copy number (if used), originator, contain
a brief description of the material, and identify the recipient. For
Confidential COMINT-related material, this requirement may be ful-
filled through the required ARFCOS pouch or package receipt or by
other appropriate dissemination records kept by the sender.
b. Raw Intelligence Data. Accountability records are not required
for raw intelligence data that are transmitted from a collection point
or facility to a processing facility or are being processed into a
form suitable for analytical use, provided such data remains under the
control of a single Intelligence Community organization, is transmitted
only by means authorized herein for SCI, and is accessible only to per-
sonnel meeting standards for, and granted access to, the SCI programs
or control systems involved in the data.
c. Working Material. Accountability records are not required for
SCI working materials used exclusively within a SCIF. Examples include
preliminary drafts of papers, film chips in analysts' reference files,
copies of electrically transmitted messages, records of analyst-to-
13
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release ORWIDENRAIZB01034R000500180041-7
analyst transmissions, data base inquiries, and waste materials such
as carbon paper and stenographic notes. However, such materials must
be safeguarded according to the handling, storage and disposition
requirements for SCI documents.
30. Temporary Release of SCI Outside a SCIF. When operational needs
require SCI to be released for processing or temporary use by SCI-in-
doctrinated persons in non-SCI accredited areas, such release shall
only be accomplished with the consent and under the supervision of the
responsible SCI security/control officer. The responsible officer
shall obtain signed receipts for SCI released in this manner and shall
ensure that conditions of use of the released material will provide
adequate security until the SCI is returned to a SCIF.
31. Audits and Inventories. SOICs shall arrange for the conduct, by
SCI security/control officers, of such periodic reviews of SCI held by
organizations under their cognizance as will ensure that proper ac-
countability is being maintained and that SCI is destroyed when no
Longer needed. SOICs and SCI Program Managers may require the inven-
tory of specified SCI within activities under their cognizance.
32. Reproduction. Reproduction of SCI documents shall be kept to a
minimum consistent with operational necessity. Copies of documents
are subject to the same control, accountability, and destruction pro-
cedures as are the originals. Stated prohibitions against reproduction
shall be honored. Equipment used for SCI reproduction shall be thor-
oughly inspected and sanitized before being removed from a SCIF.
33. Transmission. SCI may be transmitted from one SCIF to another in
a manner which ensures that it is properly protected.
a. Courier Procedures. SCI may be carried from one SCIF to an-
other by two couriers approved for this purpose, by diplomatic pouch,
or by the Armed Forces Courier Service (ARFCOS). Courier procedures
shall ensure that SCI materials are adequately protected (to the extent
possible) against the possibility of hijacking, loss, exposure to un-
authorized persons, or other forms of compromise.
SCI couriers must be active-duty military or US Government
civilian employees meeting DCID 1/14 standards who are specifically
designated for that purpose. Contractors and consultants are pro-
hibited from couriering SCI unless they have been specifically approved
for such duty for a particular period by the responsible SOIC.
SCI may be carried by a single officially designated courier
within US Government or military installations or between SCIFs in the
Washington, DC, metropolitan area. Additionally, the responsible SOIC
may waive the two-courier requirement in other areas, as appropriate.
Material carried by a single courier shall be transported in a securely
Locked briefcase or sealed pouch marked "TO BE RETURNED UNOPENED TO
(name of appropriate organization and telephone number which will be
manned at all times ." No inner wrapper or container is required
under these circumstances.
14
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release coiNfinRimpoi 034R00050Q180041-7
b. Wrapping Procedures. SCI shall be enclosed for couriering in
two opaque envelopes or be otherwise suitably double-wrapped using
canvas bags, cartons, leather or plastic pouches, or similar con-
tainers (see' a above for exception). Outer containers shall be secured
with tape, lead seals, tumbler padlocks, or other means which would
reasonably protect against surreptitious access. The inner and outer
containers shall be annotated to show the package number and addresses
of the sending and receiving SCIF. The notation "TO BE OPENED BY THE
(appropriate SCI Special Security/Control Officer) " shall be
placed above the pouch address of the receiving SCIF on both con-
tainers. The inner wrapper shall contain the document receipt and
the name of the person or activity for whom the material i's intended.
The applicable security classification and legend "CONTAINS SENSITIVE
COMPARTMENTED INFORMATION" shall appear on each side of the inner
wrapper only.
c. Electrical Transmissions. Senders of SCI transmitted electri-
cally or electronically (to include facsimile, computer, secure voice
or any other means of telecommunication) must ensure that such trans-
missions are made only to authorized recipients. Receivers must pro-
vide proper protection for SCI so received. Electrical transmission
of SCI shall be limited to specifically designated and accredited
communications circuits secured by an NSA-approved cryptographic system
and/or protected distribution systems. The construction and protection
of SCI telecommunications facilities shall be as prescribed in NFIB/
NFIC-9.1/47 and the effective edition of KAG-1 and superseding NACSI
4000-series publications.
34. Destruction of SCI. SCI shall be retained for the time periods
specified in records control schedules approved by the Archivist of
the United States (44 U.S.0 33 and FPMR 101-11.4). Duplicate infor-
mation and other non-record copies of SCI documents shall be destroyed
as soon as possible after their purpose has been served. Destruction
shall be accomplished in a manner that will preclude reconstruction in
intelligible form. Only those methods (e.g., burning, pulping, shred-
ding, pulverizing, melting, or chemical decomposition, depending on
the type of materials to be destroyed) specifically authorized by the
responsible SOIC may be used. Destruction shall be supervised and
witnessed by at least two SCI-indoctrinated persons. SCI in computer
or automated data processing systems or other magnetic media shall be
"destroyed" through erasure by approved degaussing equipment or by
executing sanitization procedures specified in the DCI's "Intelligence
Community Policy for the Release of Magnetic Storage Media," 13 March
1974.
RELEASE OF SCI TO CONTRACTORS/CONSULTANTS
35. Policy. Basic DCI policy on release of foreign intelligence to
contractors and consultants (hereafter referred to as contractors) is
contained in the attachment to DCID 1/7, "DCI Policy on Release of
Intelligence Information to Contractors and Consultants." SCI may be
released by SOICs or their designated representatives to US Government
15
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
NINFMENTIAL
Approved For Release NNW ERTFIAL Bo 034R000500180041-7
contractors according to the following. SOICs may impose more strin-
gent requirements.
a. The release, control, handling, accountability, and destruction
of SCI shall be accomplished pursuant to the provisions of the attach-
ment to DCID 1/7 and this manual.
b. The permission of the originator of the information to be
released shall be secured. (This permission may be granted in the
form of lateral agreements between departments and agencies.)
c. The sponsoring agency or department shall prescribe as part of
the contractual arrangement the minimum security requirements for safe-
guarding SCI according to this Directive. This may include a require-
ment that the contractor or consultant establish and maintain SCIF(s).
All activities involving SCI (including discussions) shall be con-
ducted in a SCIF.
d. SOICs of the sponsoring agency or department or their desig-
nated security representative shall perform or have performed a secu-
rity survey at the contractor or consultant SCIF prior to release of
SCI. The purpose of the survey is to determine that the SCIF and
security procedures established by the contractor or consultant are
adequate for the protection of SCI. Thereafter, periodic security
inspections to ensure continuous compliance with SCI security require-
ments shall be conducted.
e. Decisions on selections of contractors for prospective release
must take into account the potential recipients' past record in prop-
erly safeguarding classified material.
f. SCIFs established in industry must be closely monitored by the
sponsoring SOIC to ensure that SCI security procedures are followed
and that SCI documents are properly segregated from other materials
held by the contractor. When two or more organizations release SCI to
a given contractor, the organizations involved shall agree on matters
of joint SCI security responsibilities.
36. Foreign Ownership/Dominance. Contractor companies under foreign
ownership, control or influence shall generally be ineligible for
access to SCI activities and information. Foreign ownership, control
or influence in this instance means that foreign interests own five
percent or more of a contractor's voting stock, or they are able
through lesser holdings to control or influence the appointment and
tenure of the contractor's managing officials. The responsible SOIC
may waive this provision, however, if a review of the circumstances
determines that the following conditions apply: the foreign ownership,
control or influence does not involve Communist countries or countries
otherwise inimical to the United States, and the foreign interests do
not have the right to control or influence the appointment or tenure
of a contractor's managing officials. Before a waiver is granted,
provision must be made to ensure that security safeguards exist to
16
Approved For Releaseddrifittor..034R000500180041-7
Approved For Release coiNFIDENTAB01034R000506180041-7
Should foreign ownership increase beyond five percent during the course
of a contract, a review of the contractor's eligibility for continued
access shall be made by the responsible SOIC.
LEGISLATIVE BRANCH ACCESS TO SCI
37. Policy:
a. As an underlying principle, access to intelligence information
shall be consistent with the protection of intelligence sources and
methods. Normally, Congressional requests for intelligence informa-
tion can be satisfied at the collateral (i.e., non-SCI) level, but, in
certain instances, there may be a need for access to SCI. In these
instances, every effort shall be made to exclude, to the extent pos-
sible, data on intelligence sources and methods.
b. Members of Congress may be provided access to SCI on a need-to
-know basis without a security investigation or adjudication. Heads
of organizations within the Intelligence Community or program managers
providing SCI shall provide briefings on the sensitivity and vulner-
ability of the information, and the sources and methods involved, as
required to ensure proper protection.
c. Access to SCI by staff members of the Senate Select Committee
on Intelligence (SSCI) and the House Permanent Select Committee on
Intelligence (HPSCI) are governed by Memoranda of Understanding (MOU)
executed by the Chairmen of these Committees and the DCI. Provision
of information and materials to these Committees shall be in accordance
with mutually agreed upon existing arrangements with the Committees.
d. Requests for SCI access approvals for other Legislative Branch
personnel shall be referred to the Chief of Legislative Liaison for
DCI approval. Requests must be in writing by committee or subcommittee
chairmen and clearly describe the nominee's need-to-know. Issues
arising with regard to particular requests shall be referred to the DCI
for resolution. Unless otherwise authorized by the DCI, approval for
SCI access for Legislative Branch staff personnel shall be limited to:
(1) Permanent staff personnel of appropriate Congressional
committees and subcommittees.
(2) Selected employees of the General Accounting Office and
the Library of Congress.
(3) Selected members of the staffs of the Leadership of the
House and Senate, as agreed by the DCI and the Leadership.
38. Verification Requirement. The DCI's Chief of Legislative Liaison
will verify, on behalf of the DCI, the need of persons in the Legisla-
tive Branch, other than members of Congress, for SCI access. Verifi-
cations shall be based on such persons' job responsibilities in the
following areas:
17
Approved For Release 2005/12/14: CIA-RD_P_87B01034R000500180041-7
CONFIDENTIAL
Approved For Release CONFIDENRALB01034R000500180041-7
a. Direct involvement in authorization legislation pertaining to
Intelligence Community organizations.
b. Direct involvement in appropriations legislation for Intelli-
gence Community organizations.
c. Direct involvement in reviews authorized by law of activities
of Intelligence Community organizations.
d. Direct involvement in other legislative matters which, of
necessity, require direct SCI access.
39. Access Approval Procedures:
a. SCI access approvals may be granted to staff personnel in the -
Legislative Branch, described above, who possess a Top Secret collat-
eral clearance and who meet the investigative standards set forth in
DCID 1/14. Requests for exceptions to this policy shall be referred
to the DCI's Chief of Legislative Liaison. The requester of the SCI
access approval is responsible for assuring the conduct of an appropri-
ate investigation. Reports of investigation shall be reviewed by the
CIA Director of Security to assure uniform application of DCID 1/14
security criteria. The granting of access approvals shall be coordi-
nated with the appropriate program managers, as agreed by the DCI.
b. Staff personnel in the Legislative Branch receiving SCI access
approvals shall be provided appropriate security briefings by the CIA
Special Security Center and shall sign NdAs before receiving SCI ac-
cess. SCI access approvals shall be recorded in the 4C system (para-
graph 8). Copies of NdAs shall be provided to program managers who
request them.
c. The DCI's Chief of Legislative Liaison shall be notified
promptly of employee job changes or terminations to ensure updating of
the 4C system and appropriate debriefing of the employee. SCI access
approvals of Legislative Branch employees must be withdrawn or revali-
dated if an employee leaves the specific position for which access was
authorized.
d. SCI shall be made available to committee and subcommittee
members only through or under the authority of the chairman of the
Congressional committee or subcommittee concerned.
40. Handling and Storage of SCI:
a. Any Intelligence Community organization that provides SCI to
Congress shall ensure that the handling and storage of such information
conforms to the requirements in NFIB/NFIC-9.1/47 (see paragraph 12) or
successor policy statements. SCIFs shall be accredited by the CIA
Special Security Center. Where adequate provisions cannot be made for
the handling and storage of SCI, no such information may be provided
without the approval of the DCI.
18
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release
0
F/11DENTFII471301034R000500180041-7
b. Any Intelligence Community organization that provides testimony
or briefings involving SCI to persons in the Legislative Branch shall
do so according to the following security measures;
(1) A thorough physical security and audio countermeasures
inspection of the room where testimony or briefing will occur must be
conducted immediately before the presentation, unless the premises are
maintained in a secure status. Audio countermeasures surveillance of
the premises should also be maintained during the presentation.
(2) All persons present, other than elected officials, in-
cluding transcribers and other clerical personnel, must be certified
for the SCI 'access being discussed. Arrangements shall be made to
monitor entrances to the room where the presentation will be given to
exclude unauthorized persons.
(3) All transcriptions or notes that result from briefings
or testimony must be handled and stored according to the SCI security
requirements as specified in a, above.
(4) The room in which a presentation is given must be in-
spected after the presentation to ensure that all SCI is properly
secured.
(5) Any Intelligence Community organization that provides SCI
to a Congressional committee, other than a committee routinely involved
in the oversight and appropriations processes of Intelligence Community
organizations, shall endeavor to provide such information through the
SSCI or HPSCI, as appropriate. The SSCI and HPSCI both have facilities
that meet the NFIB/NFIC-9.1/47 requirements and personnel trained in
SCI handling procedures. The Committee requesting the information
shall contact the HPSCI or SSCI and obtain their permission to use
their facilities prior to the transmittal of the information. Where
possible, custody of such information shall remain with the Intelli-
gence Community organization concerned. Where such information must
be physically transferred, efforts shall be made beforehand to elimi-
nate or minimize the risk of exposure of SCI sources and methods.
41. Marking SCI Released to Congress. SCI being prepared for release
to Members of Congress and Congressional committees shall be marked
with all applicable classifications; SCI caveats, codewords, project
indicators; and DCID 1/7 control markings. The term "SENSITIVE" may
not be used instead of, or in addition to, SCI markings. Releasing
agencies shall ensure, through their legislative offices or comparable
elements, that Congressional committee staff employees, and employees
of the Library of Congress and the General Accounting Office, have
clearances and SCI access authorizations appropriate for receipt of
the material involved. Releasing agencies also shall ensure that SCI
being provided Legislative Branch components is stored in accredited
SCIFs.
19
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release 005NFIDENNAIZB01034R000500180041-7
JUDICIAL BRANCH ACCESS TO SCI
42. Policy. The Department of Justice (DOJ) Security Officer has
been given the responsibility for the care, custody and control of SCI
material involved in any criminal case, pursuant to the Classified
Information Procedures Act of 1980 (CIPA] [Public Law 96-456. 94
Stat. 2025 18 USC Appendix 4] and the "Security Procedures Established
Pursuant to Public Law 96-456. 94 Stat. 2025 18 USC Appendix 4, By The
Chief Justice of the United States For The Protection of Classified
Information," dated 12 February 1981. These security procedures were
developed in consultation with the Attorney General, the Director of
Central Intelligence, and the Secretary of Defense. The following
policy taken from the "Security Procedures" is provided as general
guidance when Judicial Branch access to SCI is required.
a. An SCI access authorization for federally appointed judges and
justices is not required. If desired, however, an SCI authorization
can be granted and a formal briefing presented to the requesting judge
/justice through coordination with the DOJ Security Officer.
b. Magistrates, immigration commissioners, administrative law
judges, hearing commissioners, and other such court officials, who are
not appointed by the Federal Government, or who have not been subjects
of background investigations as part of the appointment process, must
obtain SCI access authorization.
c. All other court, government, or support personnel (law clerks,
attorneys, US Marshals, courtroom clerks, court reporters, administra-
tive officers, secretaries, etc.), who have a validated need-to-know,
must obtain SCI access authorization.
d. The Government may obtain, consistent with the CIPA and its
"Security Procedures," as much information as possible in its attempt
to make an adjudication pursuant to DCID 1/14, for those individuals
acting for the defense.
e. There is no requirement for investigation or SCI access author-
ization for members of the jury.
f. A Court Security Officer (CSO) shall be appointed by the Court
from recommendations submitted by the DOJ Security Officer and with
the concurrence of the head of any Intelligence Community entity (or
his/her designee) from which the case-related SCI originates. The CSO
is responsible for ensuring compliance with the CIPA and all other
applicable directives and regulations concerning the safeguarding of
SCI; and, for providing SCI security support, as needed, for all per-
sons involved in the particular case.
43. SCI Access Verification. Requirements for SCI access shall be
provided to the CSO who shall notify the DOJ Security Officer. The DOJ
Security Officer shall coordinate requirements with agencies/program
managers involved.
20
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release 1OONE/110PlifF1L4LB01034R000500180041-7
44. SCI Access Eligibility Determination Procedures. SCI access will
be authorized by the DOJ Security Officer, who is responsible for
adjudicating the results of investigations required by DCID 1/14.
a. The Court, and other appropriate officials, shall be notified
in writing by the DOJ Security Officer of SCI access approvals.
b. SCI briefings shall be provided by DOJ Special Security Center
(SSC) personnel, or by an appropriately indoctrinated representative
of the agency which originated the SCI, in coordination with the DOJ
SSC. ?
45. Handling and Storage of SCI. Matters pertaining to the handling,
storage and disposition of SCI shall be coordinated with the CSO who is
responsible for ensuring that proper safeguarding procedures are estab-
lished and that adequate storage is provided for SCI pursuant to the
CIPA Security Procedures and this manual. These matters shall be coor-
dinated with the U.S. Intelligence Community entities originating the
SCI case material.
46. Additional Details. Additional details/information may be found
in the CIPA and/or the "Security Procedures," which may be obtained
from the DOJ SSC. Any question concerning the interpretation of any
security requirement contained in the CIPA security procedures shall
be resolved by the Court in consultation with the DOJ Security Offi-
cer and the appropriate Executive Branch agency security representa-
tive.
SCI SECURITY VIOLATIONS/COMPROMISES
47. Individual Responsibilities. All possible security violations or
compromises involving SCI shall be immediately reported to the applica-
ble SCI Security/Control Officer. Immediate action shall be taken to
maintain the physical security of SCI documents discovered in an in-
secure environment until such material can be restored to SCI control.
SOICs shall ensure that persons under their cognizance are advised and
are periodically reminded of these responsibilities.
48. Investigations. SOICs shall establish procedures within their
organizations to ensure that all reported actual or potential security
violations or compromises occurring in areas subject to their juris-
diction are properly investigated to determine if there is a reasonable
likelihood that a compromise may have occurred.
a. If so, the cognizant SOIC, or other authority designated by
the SOIC, shall immediately report the incident to the appropriate
Intelligence Community Program Manager. An investigation shall be
conducted to identify full details on the violation/compromise, and to
determine what specific information was involved, what damage resulted,
and whether culpability was involved in the incident.
b. If the case involves an inadvertent disclosure, the SCI Secu-
rity/Control Officer is expected to exercise his or her best judgment
21
Approved For ReleaseCUNrinEM7B01034R000500180041-7
Approved For Release 00iNFIDE4RAIIB01034R000500180041-7
as to whether the interests of SCI security are well served by seeking
written agreements from unindoctrinated persons to whom SCI has been
inadvertently disclosed. If the judgment is that those interests are
so served, the person(s) involved signs an inadvertent disclosure
agreement; and if the responsible SCI Security/Control Officer has
reason to believe that the person(s) will maintain absotute secrecy
over the SCI involved, the report of investigation may conclude that
no compromise occurred.
c. The farm of inadvertent disclosure agreement may be developed
by SOICs, but shall, in all cases, be structured so that it conveys no
classified information itself, emphasizes that there is no time limit
on the need to safeguard the disclosed data, reminds the signer of the
provisions of the Espionage Statutes, and commits the signer to cer-
tifying his or her understanding of the situation and to affirming
that he or she will never, without proper authority, disclose or dis-
cuss the information with any other person.
d. When investigations show that SCI was inadvertently disclosed
to foreign nationals, or that cases under investigation involve damage
deemed significant by the cognizant SOIC, espionage, flagrant derelic-
tion of security duties, or serious inadequacy of security policies
and procedures, summaries of the investigations and of related actions
shall be provided to the DCI by the responsible SOIC. The DCI Security
Committee is the preferred channel for such reporting.
49. Corrective Action. Investigating officers shall advise cognizant
SOICs and SIOs of weaknesses in security programs and recommend correc-
tive action(s). SOICs are responsible for ensuring that appropriate
corrective action is taken in all cases of actual security violations
and compromises. Administrative sanctions imposed in cases of demon-
strated culpability shall be recorded in security files of the respon-
sible SOIC. Security deficiencies identified by investigation to have
contributed directly to the incident shall be corrected if it is within
the capability of the SOIC concerned; if not, full details and recom-
mendations on corrective measures shall be provided to the DCI through
the DCI Security Committee.
INSPECTIONS
50. Policy. Periodic inspections of SCIFs by the responsible SOIC are
mandatory. Inspections shall be performed by persons knowledgeable of
SCI storage, control and protection procedures, and shall be designed
to ensure that procedures and safeguards comply with the requirements
of NFIB/NFIC-9.1/47, this manual, and other applicable directives.
Inspection reports shall be retained in the files of the accrediting
organization. Intelligence Community organization inspection reports
of joint SCIFs may be accepted by any other organization which uses
the SCIF as valid findings of the degree of compliance with applicable
security standards.. Inspection reports shall identify any deficiencies
found and the status of actions taken to correct them.
22
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
CONFIDENTIAL
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
c644,
417-2411441
---
gel ,i,;..p.414eae-t-41
a,a,11.4010a5-
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7
Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7