SECURITY POLICY MANUAL FOR SCI CONTROL SYSTEMS (U)
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP87B01034R000500180002-0
Release Decision:
RIPPUB
Original Classification:
C
Document Page Count:
26
Document Creation Date:
December 19, 2016
Document Release Date:
September 29, 2005
Sequence Number:
2
Case Number:
Publication Date:
June 28, 1982
Content Type:
REPORT
File:
Attachment | Size |
---|---|
![]() | 1.46 MB |
Body:
ppFlyt~P W or or Release 2005/12/14: CIA-RDP87BO1034ROO050
SECURITY POLICY
MANUAL FOR
SCI CONTROL SYSTEMS (u)
Prepared for
The Director of
Central Intelligence
by the
Security Committee
Confidential
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Warning Notice
Intelligence Sources and Methods Involved
(WNINTEL)
NATIONAL SECURITY INFORMATION
Unauthorized Disclosure Subject to Criminal Sanctions
NOFORN-
REL...-
plot Releasable to Foreign Nationals
This Information has been Authorized for
Release to ...
Not Releasable to Contractors or
Contractor/ Consultants
Caution-Proprietary Information
ORCON- Dissemination and Extraction of Information
Controlled by Originator
25X1
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Directo I-or Release 2005/12/14: CIA-RDP87B01034R000500"12U fl &tial
Intelligence
SECURITY POLICY
MANUAL FOR
SCI CONTROL SYSTEMS (v)
Prepared for
The Director of
Central Intelligence
by the
Security Committee
Confidential
Approved For Release 20v~%1F~?F TIgCyA-RDP87B01034R000500180002-0
For Release 2005/12/14: CIA-RDP87B01034R000500`r;
SECURITY POLICY
MANUAL FOR
SCI CONTROL SYSTEMS (u)
Prepared for
The Director of
Central Intelligence
by the
Security Committee
jgptial
Confidential
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Warning Notice
Intelligence Sources and Methods Involved
(WNINTEI.)
NATIONAL. SECURITY INFORMATION
Unauthorized Disclosure Subject to Criminal Sanctions
DISSEMINATION CONTROI. ABBREVIATIONS
NOFORN- Not Releasable to Foreign Nationals
REL. . .- This Information has been Authorized for
Release to ...
NOCONTRACT- Not Releasable to Contractors or
Contractor /Consultants
PROPIN- Caution-Proprietary Information Involved
ORCON-- Dissemination and Extraction of Information
Controlled by Originator
25X1
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
Approved For Release 20Q%$40MQ-RDP87B01034R000500180002-0
DIRECTOR OF CENTRAL INTELLIGENCE
SECURITY POLICY MANUAL FOR
SCI CONTROL SYSTEMS (u)
(Attachment to "Security Policy for Sensitive
Compartmented Information (SCI)"
Approved For Release 2&85/1'z/1TIA6IA-RDP87B01034R000500180002-0
Approved For Releasec l?/l4t: CIA-RDP87BO1034R000500180002-0
Paragraph
Page
Introduction ................................................................................................
1
1
Definitions ....................................................................................................
1
1
PERSONNEL SECURITY
General ........................................................................................................
2
2
Need-to-Know Policy ..................................................................................
3
2
Standards ....................................................................................................
4
2
SCI Nondisclosure Agreements (NdAs) ....................................................
5
2
Recording Indoctrinations and Debriefings ................................................
6
2
Access Approvals ........................................................................................
7
2
Central Registry ..........................................................................................
8
4
Security Indoctrination and Education ......................................................
9
4
Foreign Contacts ........................................................................................
10
4
SCI Travel and Assignment Security Policy ..............................................
11
4
PHYSICAL SECURITY
Construction and Protection Standards ......................................................
12
4
Accreditation of SCIFs ..............................................................................
13
5
Emergency Plans ........................................................................................
14
5
Two-Person Rule ........................................................................................
15
5
TECHNICAL SECURITY
Technical Surveillance Countermeasures ..................................................
16
6
Compromising Emanations Control Security (TEMPEST) ......................
17
6
Automated Data Processing (ADP) Security ............................................
18
6
SCI DOCUMENT CONTROL OFFICES/CENTERS
AND SECURITY OFFICIALS
SCI Special Security Offices and/or Control Centers ..............................
19
6
SCI Special Security/ Control Officers ......................................................
20
6
INFORMATION SECURITY
Standard Classification Marking Requirements ........................................
21
7
SCI Caveats, Codewords, and Designators ................................................
22
7
Dissemination Control Markings ................................................................
23
7
Portion Marking ..........................................................................................
24
7
Letters or Memoranda of Transmittal ......................................................
25
8
SCI Control Numbers ................................................................................
26
8
Specialized Media ......................................................................................
27
9
Cover Sheets ................................................................................................
28
10
iii
Approved For Release'NUMM CIA-RDP87BO1034R000500180002-0
Approved For Release 2005/1 2/1c4oN~a RR 87B01034R000500180002-0
Paragraph
Page
SCI Accountability and Control Procedures ..............................................
29
10
Temporary Release of SCI Outside a SCIF ..............................................
30
11
Audits and Inventories ................................................................................
31
11
Reproduction ..............................................................................................
32
11
Transportation/Transmission ......................................................................
33
11
Destruction of SCI ......................................................................................
34
12
RELEASE OF SCI TO CONTRACTORS/
CONSULTANTS
Policy ............................................................................................................
35
12
Foreign Ownership/ Dominance ..................................................................
36
13
Policy ............................................................................................................
37
13
Verification Requirement ............................................................................
38
14
Access Approval Procedures ......................................................................
39
14
Handling and Storage of SCI ....................................................................
40
14
Marking SCI Released to Congress ..........................................................
41
15
Policy ............................................................................................................
42
15
SCI Access Verification ..............................................................................
43
16
SCI Access Eligibility Determination Procedures ....................................
44
16
Handling and Storage of SCI ....................................................................
45
16
Additional Details ......................................................................................
46
16
SCI SECURITY VIOILATIONS/COMPROMISES
Individual Responsibilities ..........................................................................
47
17
Investigations ..............................................................................................
48
17
Corrective Action ........................................................................................
49
17
Policy ............................................................................................................
iv
Approved For Release 2005/12 NF(NKINP87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
SECURITY POLICY MANUAL FOR
SCI CONTROL SYSTEMS
Introduction
This manual contains security policy and procedures common to the several SCI control
systems for the protection of intelligence information. Users should refer to DCIDs and other
documents referenced herein for specific guidance on the functional areas they cover. Users
are also reminded that they should refer to the applicable SCI control system manuals or di-
rectives for guidance on what information is to be classified at what level and protected by
compartmentation.
Questions on this manual should be directed to the DCI Security Committee (SECOM)
if not answerable by security components of Intelligence Community organizations.
As this manual sets forth security policy and procedures for SCI control systems, it mer-
its and warrants the overall classification of CONFIDENTIAL in its totality. Selected
paragraphs may be excerpted for use at the unclassified (Official Use Only) level by Senior
Officials of the Intelligence Community (SOICs), their designees, or SCI Special Security/
Control Officers, when considered appropriate.
1. Definitions
a. Document-any recorded information regardless of its physical form or characteris-
tics, including, without limitation, written or printed matter, automated data-processing
storage media, maps, charts, paintings, drawings, photos, engravings, sketches, working notes
and papers, reproductions of such things by any means or process, and sound, voice,
magnetic, or electronic recordings in any form.
b. Hardcopy Document-any document that is initially published and distributed by the
originating component in paper form and that is not stored or transmitted by electrical
means.
c. Intelligence Community-those United States Government organizations and activi-
ties identified in Executive Order 12333 or successor orders as making up such Community.
d. Raw Intelligence-collected intelligence information which has not yet been convert-
ed into finished intelligence.
e. Sensitive Compartmented Information (SCI)-all information and materials requir-
ing special Community controls indicating restricted handling within present and future
Community intelligence collection programs and their end products. These special Communi-
ty controls are formal systems of restricted access established to protect the sensitive aspects
of sources and methods and analytical procedures of foreign intelligence programs. The term
does not include Restricted Data as defined in Section II, Public Law 585, Atomic Energy
Act of 1954, as amended.
f. SCI Facility (SCIF) -an accredited area, room, group of rooms, or installation where
SCI may be stored, used, discussed and/or electronically processed.
I
Approved For Release 2d ' i Dii TIkIA-RDP87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
g. Senior Officials of the Intelligence Community (SOICs)-for the purposes of this
manual, SOICs are defined as the heads of organizations within the Intelligence Community,
as defined by Executive Order 12333, or their designated representatives.
2. General. The protection of SCI is directly related to the thoroughness and effectiveness of
the personnel security program applicable to those individuals having access to such
information. An interlocking and mutually supporting series of program elements (e.g., need-
to-know, investigation and adjudication in accordance with DCID 1 / 14, "Minimum
Personnel Security Standards and Procedures Governing Eligibility for Access to SCI,"
binding contractual obligations on those granted access, security orientation, and continuing
security oversight) can provide reasonable assurances against compromise of SCI by those au-
thorized access to it.
3. Need-to-Know Policy. The first personnel security principle in safeguarding SCI is to
ensure that only those persons with a clearly identified need-to-know are granted access to it.
Need-to-know is a determination by an authorized holder of classified information that
access to specific classified material in his or her possession is required by one or more other
persons to perform a specific and officially authorized function essential to accomplish a na-
tional security task or as required by Federal Statute, Executive Order, or directly applicable
regulation.
4. Standards. Personnel security standards, reporting of data bearing on SCI eligibility,
investigative requirements, reinvestigations, adjudications, and supervisory security responsi-
bilities shall be in accordance with DCID 1/14.
5. SCI Nondisclosure Agreements (NdAs).
a. All persons holding or being given SCI access shall sign an NdA. Failure to sign an
NdA is cause to deny or revoke existing SCI access to the refusing person. The NdA
establishes explicit obligations on both the Government and the individual signer in the
interest of protecting SCI,. Form 4193, "Sensitive Compartmented Information Nondisclo-
sure Agreement," is available for use. It includes a prepublication review provision. Use of a
prepublication review provision in any alternative form of NdA is mandatory. Any
department or agency electing to use an alternative form of NdA shall use it without
exception for all SCI accesses.
b. Further information on Form 4193 may be found in the July 1981 "Questions and
Answers for Use with the Sensitive Compartmented Information Nondisclosure Agreement"
prepared for use by government and industry security officers.
6. Recording Indoctrinations and Debriefings. Briefing officers shall appropriately record
certifications of all SCI indoctrinations and debriefings they accomplish. Administrative
guidance on NdAs, indoctrination and debriefing forms, and related procedures shall be
specified by SOICs for areas under their cognizance.
7. Access Approvals. When need-to-know has been established and investigative results have
been satisfactorily adjudicated, SCI accesses shall be granted and formally recorded.
a. Authority. SCI accesses shall be granted by the SOIC having cognizance of the
persons involved. For persons in non-NFIB government organizations, SCI accesses are
granted by the DCI through the CIA Special Security Center (SSC). Unless specifically
delegated, approval authority for access to certain operational collection systems is retained
2
Approved For Release 2005/1 2 1MR:t4R1 P87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
by the cognizant program manager, executive agent or national authority. Administrative
procedures governing the granting of SCI accesses shall be specified by SOICs for their
organizations.
b. General SCI Approvals-"PROXIMITY." A "PROXIMITY" approval may be
granted by, and at the discretion of, the cognizant SOIC to persons who closely support SCI
collection, processing, or use but whose duties do not warrant granting substantive SCI access
approvals. PROXIMITY allows the holder to perform his or her duties in support of any SCI
control system provided the tasks do not involve visual or aural access to clear text,
intelligible SCI.
(1) PROXIMITY approvals may also be granted, according to the criteria in (2) be-
low, when a person is authorized one or more SCI access approvals. For example,
substantive access to COMINT may be required when PROXIMITY will suffice for an-
other SCI access.
(2) Minimum criteria for PROXIMITY approval areas follow:
(a) The nature of the individual's support to SCI involves a substantial latent
risk of exposure to SCI through inadvertence or a deliberate effort by the
individual.
(b) Approval for a specific SCI System or project would provide the person
more information than needed, either in the indoctrination or by virtue of the access
approval, or both.
(c) The individual does not need to know substantive SCI in order to perform
his or her function and shall not receive access in the normal course of his or her
duties.
(d) The individual's potential for access is such that personnel security
assurances provided through investigations and adjudication for collateral clear-
ances are not deemed adequate by the cognizant SOIL or designee.
(3) Persons determined by their SOIC to require PROXIMITY approval shall be
processed to DCID 1/ 14 personnel security standards. They shall be given a non-SCI re-
vealing briefing notifying them that their duties may bring them in close proximity to
highly sensitive government information; cautioning them to report to their security
officer any inadvertent access involving them; and providing them a generalized
description of the appearance of SCI documents (e.g., material may have color-coded
cover sheets, and shall bear handling system caveats) to enable them to recognize such
material if it is exposed to them.
(4) NdAs are required of persons being granted PROXIMITY approval to obligate
them to observe the agreement's provisions with respect to any SCI of which they might
gain knowledge. If an inadvertent disclosure is made to a person with PROXIMITY ap-
proval, that person shall be given a security briefing to ensure that he or she understands.
the applicability of the NdA and his or her obligations under it.
(5) SOICs shall administer PROXIMITY approvals for those persons they sponsor.
Once granted, the PROXIMITY approval is valid within the cognizance of the granting
SOIL.
(6) To the extent that SOICs find it practicable, individuals already holding
substantive access approvals may be converted to PROXIMITY if they meet the tests
3
Approved For Release 20Qel1 Pf*TI?IA-RDP87BO1034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
for such. Those so converted shall be cautioned not to discuss with other PROXIMITY
approved persons their previously acquired knowledge of SCI. SOICs are expected to ex-
ercise prudence in extending PROXIMITY approvals to persons and positions not now
requiring SCI access approvals in order to avoid undue burden on the SCI personnel se-
curity system. Substantive access approval requests shall normally take precedence over
PROXIMITY requests.
8. Central Registry. A Community-Wide, Computer Assisted, Compartmentation Control
System (4C system) is being established by the DCI. Each SOIC granting or terminating SCI
accesses and PROXIMITY approvals shall record such actions in the 4C system. SOICs are
responsible for establishing procedures for the certification of SCI accesses to other
components.
9. Security Indoctrination and Education.
a. Prior to signing the NdA or being afforded access to SCI, persons approved for SCI
access shall be given a non-SCI revealing briefing on the general nature and procedures for
protecting the SCI to which they will be exposed, advised of their obligations both to protect
that information and to report matters of security concern, and allowed to express any
reservations concerning the NdA or access to SCI.
b. Subsequent to signing the NdA, persons shall be fully indoctrinated on the aspects of
the SCI to which they are authorized access and have a demonstrated need-to-know. All per-
sons granted SCI access shall periodically be advised of their continuing security responsibil-
ities and of security threats they may encounter. DCI SECOM-D-543, July 1979, "Mini-
mum Standards for Security Awareness Programs in the U.S. Intelligence Community,"
provides guidance.
10. Foreign Contacts. Close, continuing personal associations with foreign nationals by
persons with SCI access are of security concern. Persons with SCI access shall be informed of
their continuing responsibility to report all non-official contacts with representatives or
citizens of Communist-controlled countries and of other countries which are hostile to the
United States. SOICs shall ensure that their SCI-indoctrinated personnel are kept informed
of which countries are of concern in this regard. SCI-indoctrinated persons are also
responsible for reporting contacts with persons from other than Communist-controlled or
hostile countries whenever those persons show undue or persistent interest in employment, as-
signment, or sensitive national security matters. Contacts, or failure to report contacts, in ei-
ther of the above situations shall result in reevaluation of eligibility for continued SCI access
by the cognizant SOIC. Casual contacts arising from living in a community and which do not
fall within either of the above situations normally need not be reported.
1 I. SCI Travel and Assignment Security Policy. Persons with current SCI access who plan
unofficial travel to, or who are being assigned to duty in, foreign countries and areas,
particularly those identified in DCID 1/20, "Security Policy Concerning Travel and
Assignment of Personnel With Access To SCI," incur a special security obligation. This in-
cludes requirements to provide advance notice of unofficial travel and to be afforded
appropriate defensive security briefings prior to official assignment or unofficial travel.
Minimum security policy applicable to such travel or assignment is stated in DCID 1/20.
12. Construction and Protection Standards. All SCI must be stored within accredited SCIFs.
Physical security standards for the construction and protection of such facilities are
4
Approved For Release 2005/127T*EICMA P87B01034R000500180002-0
Approved For Release 20W/'*Mt;MQ-RDP87B01034R000500180002-0
prescribed in NFIB/NFIC-9.1/47, "U.S. Intelligence Community Physical Security Stan-
dards for SCI Facilities," effective 23 April 1981, or successor policy statements.
13. Accreditation of SCIFs. The DCI shall accredit all SCIFs except where that authority has
been specifically delegated or otherwise provided for. The CIA Office of Security shall
accredit SCIFs for Executive Branch departments and agencies outside the Intelligence
Community and for the Legislative and Judicial Branches. The accreditation shall state the
category(ies) of SCI authorized to be stored/processed in the SCIF. Accrediting officials
shall maintain a physical security profile on each of their SCIFs to include data on any waiv-
ers of standards.
14. Emergency Plans. Each accredited SCIF shall establish and maintain an approved
emergency plan. This may be part of an overall department, agency, or installation plan, so
long as it satisfactorily addresses the considerations stated below. Emergency planning shall
also take account of fire, natural disasters, entrance of emergency personnel (e.g., host
country police and firemen) into a SCIF, and the physical protection of those working in such
SCIFs. Planning should address the adequacy of protection and firefighting equipment, of
evacuation plans for persons and SCI, and of life-support equipment (e.g., oxygen and masks)
that might be required for personnel trapped in vault-type SCIFs.
a. In areas where political instability, host country attitude, or criminal activity suggests
the possibility that a SCIF might be overrun by outsiders, emergency plans must provide for
the secure destruction/removal of SCI under adverse circumstances, to include such
eventualities as loss of electrical power, nonavailability of open spaces for burning or
chemical decomposition of material, and immediate action to be taken if faced with mob at-
tack. Where the risk of overrun is significant, holdings of SCI must be reduced to, and kept
at, an absolute minimum needed for current working purposes, with reference or background
material to be obtained, when needed, from other activities and to be returned or destroyed
when it has served its purpose.
b. Emergency plans shall be reviewed annually and updated as necessary. All personnel
shall be familiar with the plans. In areas where political or criminal activity suggests the pos-
sibility that the SCIF might be overrun by outsiders, drills shall be conducted as local
circumstances warrant but no less frequently than annually to ensure testing and adequacy of
plans.
15. Two-Person Rule. NFIB/NFIC-9.1/47 establishes policy on this subject, which is quoted
below for ready reference:
"As a matter of policy, SCI Control Facilities (SCIFs) should be
staffed with sufficient people to deter unauthorized copying or illegal
removal of SCI. SCIF designated communication centers, document
control centers (registries), and like facilities that handle or store quanti-
ties of SCI must be manned while in operation by at least two appropriate-
ly indoctrinated persons in such proximity to one another as to provide
mutual support in maintaining the integrity of the facility and the
material stored therein. The granting by an SOIC of exceptions to this
policy will be made a matter of record and should involve consideration of
the proven reliability and maturity of the persons involved; the volume,
variety, and sensitivity of the holdings in the facility; and whether or not
the persons involved are subject to periodic polygraph examinations as a
condition of access. Exceptions for communications centers, document
control centers, and the like should be granted in only extraordinary
5
Approved For Release 20 bb'/'l~F ' ?T'iA-RDP87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87B01034R000500180002-0
CONFIDENT[
circumstances. Routine work by a lone individual in any SCIF is to be
avoided. Contractors will provide two-person occupancy in all SCIFs not
specifically exempted by the SOIC of the government sponsor."
When a SCIF is granted a waiver for long-term occupancy by a single person, the responsible
official shall also establish procedures to ensure that periodic visual or oral checks are made
to provide assurances on the well-being of the single occupant. Duress alarms and/or duress
codes are considered valuable tools t:o assist in overcoming problems associated with long-
term occupancy of a SCIF by a single person.
TECHNICAL SECURITY
16. Technical Surveillance Countermeasures. Responsible SOICs shall ensure that technical
surveillance countermeasures are conducted at their SCIF.> at appropriate intervals. Briefings
on technical penetration threats shall be provided to personnel manning SCIFs.
17. Compromising Emanations Control Security (TEMPEST). All equipment used to
transmit, handle, or process SCI electronically, including communications, word-processing
and automated data processing equipment, must satisfy the requirements of NCSC-4,
"National Policy on Control of Compromising Emanations" and NACSIM 5203, "TEM-
PEST Guidelines for Facility Design and RED/BLACIK Installations" (when published).
Identified compromising emanations must be contained within appropriate boundaries.
Instrumented TEMPEST tests shall be conducted all appropriate intervals to insure
compliance with NCSC?-4 or successor policy.
18. Automated Data Processing (ADP) Security. All ADP equipment used for. processing,
handling,, or storing SCI shall be operated and secured in compliance with DCID 1/] 6, "Se-
curity of Foreign Intelligence in Automated Data Processing Systems and Networks," or
successor policy directives.
SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS
19. SCI Special Security Offices and/or Control Centers. SCI Special Security Offices
and/or Control Centers, as appropriate, shall be established to serve as the focal point(s) for
the receipt, control and accountability of SCI, and other SCI security functions for one or
more SCIFs in the local area. The number of such offices and/or centers shall be determined
locally on the basis of practicality, number of SCIFs to be serviced, organizations involved,
and common sense.
20. SCI Special Security/ Control Officers. Appropriately SCI-indoctrinated Special Security
Officers and/or SCI Control Officers (e.g., SSOs, TCOs and/or BCOs), and alternates
thereto, shall be designated to operate each SCI Special Security Office and/or Control
Center. Such officials shall normally have day-to-day SCI security cognizance over their
offices/centers and subordinate SCI Fs, if any, for that SCI authorized to be handled by orga-
nizations served by them. Responsible SOICs shall provide appropriate training in SCI
security policy and procedures for their SCI special security/ control officers and other SCI
registry/security personnel. SCI Special Security/ Control Officers shall provide advice and
assistance on SCI matters to their organizations and other activities being supported
consistent with specific responsibilities assigned by their SOICs. This may include one or
more of the following:
ensuring that SCI is properly accounted for, controlled, transmitted, destroyed,
packaged, and safeguarded;
6
Approved For Release 2005/12~Wt@ TP87B01034R000500180002-0
Approved For Release 2QWIW041 lA-RDP87B01034R000500180002-0
giving advice and guidance on SCI classification matters, sanitization, downgrading,
decompartmentation, and operational use;
ensuring that SCI is disseminated only to persons authorized access to the material
involved and having an established need-to-know;
conducting or otherwise managing required SCI personnel and physical security
actions and procedures;
investigating SCI security infractions and preparing reports and recommendations as
required;
maintaining listings of available SCI electrical and hardcopy products, validating
product requirements, and ensuring dissemination to authorized users; and/or
conducting required supervision or interface with SCI telecommunications centers,
ADP facilities, and similar offices to ensure SCI security.
INFORMATION SECURITY
21. Standard Classification Marking Requirements. Apply standard security classification
markings (to include classification authority and declassification markings) to SCI according
to Executive Order 12356 or successor orders and Executive Branch implementing directives.
SCI shall always bear the notation "ORIGINATING AGENCY'S DETERMINATION
REQUIRED (OADR)" in lieu of any specific date or event for declassification.
22. SCI Caveats, Codewords, and Designators. Mark SCI with the applicable SCI control sys-
tem caveat at the bottom of all pages of hardcopy documents, to include the front and back
covers, if any. Mark other SCI documents as described elsewhere in this manual. If the mate-
rial is to be controlled in only one SCI control system, use either of the following styles:
"HANDLE VIA (name of SCI control system) CHANNELS ONLY"
"HANDLE VIA (name of SCI control system) CONTROL CHANNELS"
If the material is to be controlled in two or more SCI control systems, use the following style:
"HANDLE VIA (names of SCI control systems) CONTROL CHANNELS
JOINTLY"
Mark SCI codewords, or operational program designators protection immediately following
the security classification on all pages containing requiring SCI protection.
23. Dissemination Control Markings. When applicable to their information content, mark
SCI with the dissemination control markings in the manner prescribed by DCID 1/7,
"Control of Dissemination of Intelligence Information."
24. Portion Marking. Each copy of an SCI document (excluding raw intelligence or working
materials) that is transmitted outside the originating agency or department shall, by marking
or other means, indicate: (1) which portions are classified, with the applicable classification
level, and which portions are not classified; and (2) which portions require SCI codewords, ca-
veats, program designators, or DCID 1/7 control markings.
a. Abbreviations for classifications (i.e., "TS," "S," and "C," in descending order; "U"
to designate unclassified items), authorized digraph or other recognized abbreviations for
codewords and product indicators, authorized abbreviations for SCI control system caveats
and DCID 1/7 control marking short abbreviations shall be used to show the security
protection requirements of portions.
7
CONFIDENTIAL
Approved For Release 2005/12/14: CIA-RDP87B01034R000500180002-0
Approved For Release 2005/122KF1g P87B01034R000500180002-0
b. Alternatively, such as in the case of documents all of whose portions are of the same
level of classification and control, a paragraph or statement on the document may be used to
indicate the security protection requirements of document portions. Unless the usefulness of
the document would suffer thereby, titles of SCI documents shall be so worded as to avoid the
need for compartmented control and to minimize or eliminate the need for classification.
c. SOICs may grant waivers of the portion marking requirements for contractor-
generated SCI when deemed necessary to alleviate an extreme administrative and/or costly
burden. Waivers shall not be considered for any permanently valuable records of the
Government, or for any information transmitted outside the facility. Any information
transmitted outside the facility where it may be used as a source document in the derivative
classification of other information, must be portion marked before its transmittal. Further,
any document upon which the waiver is exercised shall be marked as follows:
"WARNING-THIS DOCUMENT SHALL NOT BE USED
AS A SOURCE FOR DERIVATIVE CLASSIFICATION"
25. Letters or Memoranda of Transmittal.
a. Classified Transmittal Letters. Mark transmittal letters that contain classified
information or SCI with the highest classification and all SCI codewords, caveats, or control
markings in the letter itself or any of its enclosures, with a notation such as the following:
"REGRADE AS (class u cation, caveat/codeword, etc) WHEN SEPARATED
FROM ENCLOSURE(S) AND UPON PHYSICAL REMOVAL OF INAPPRO-
PRIATE SCI CAVEATS, CODEWORDS, AND CONTROL MARKINGS"
In such cases, holders of the letter of transmittal letter must physically remove the
inappropriate markings when the letter of transmittal is separated from the enclosure(s).
b. Unclassified Transmittal Letters. If a transmittal letter is unclassified itself, but has
one or more SCI enclosures, mark it with the highest classification of the enclosure(s) and a
prominent notation such as the following:
"CONTAINS (BYE/TICISI) INFORMATION-
UNCLASSIFIED WHEN APPENDED SCI DOCUMENTS ARE
REMOVED"
In such cases, do not mark the letter of transmittal with the SCI codewords or caveats con-
tained on the enclosure(s).
26. SCI Control Numbers. Originators shall assign a control number to any SCI documents
intended for general distribution to other offices, agencies, or commands, when use of a num-
ber is considered a necessary adjunct to identification, control, or retrieval of the material.
Blocks of control numbers will be assigned to SOICs by the CIA Compartmented
Information Branch or other appropriate authority. Control numbers, at a minimum, shall be
placed in the designated block on cover sheets and. on the front cover (if any) and the title
page (if any)-or, if no cover or title page, on the first page.
a. Each control number shall consist of the identifying letters of the name of the
applicable control system, a number selected on a "one up" basis from the block of numbers
assigned to the control office, and the last two digits of the current year. When a document
contains SCI subject to two or more control systems, assign a control number according to
the established precedence of SCI systems. For example, material containing BYE and TK or
BYE and COMINT material would be assigned a BYE number. Material containing TK and
8
Approved For Release 2005/1rRWY11T~bP87B01034R000500180002-0
Approved For Release 20~5WN aE4N. -RDP87B01034R000500180002-0
COMINT would be assigned a TCS number. SOICs may prescribe special numbering
procedures for contractor-originated SCI.
b. When a control number is used, also assign a copy number to individual documents
(e.g., copy 1 of 3 copies). Show the copy number with the control number. Use a combination
of digits and letters to show reproduced copies (i.e., copy 1A, copy 4C, etc.) or identify the
copies as "Series B," Series C," etc.
27. Specialized Media. Unless specifically excepted by the cognizant SOIC, labeling
requirements for SCI in specialized media are as cited below.
a. Automated Data Processing (ADP) Media. Each media item [e.g., demountable data
and program storage media (magnetic tapes, disk packs, floppy disks, magnetic cassettes),
card decks, punched paper tapes] containing SCI in recorded form shall be externally labeled
to show its classification and applicable SCI control system caveats or codewords. Internal
ADP media identification shall include header and trailer blocks giving all security markings
(i.e., classification; SCI system caveats, codewords, product indicators; and DCID 1/7 control
markings, as applicable).
b. Photographic Media. Photography in roll, flat, or other form containing SCI shall be
labeled with its classification and applicable SCI control system caveats or codewords. For
film in roll form, a label giving the required data shall be placed on the end of the spool
flange, on the side of the spool container, and on the container cover (if any), unless the con-
tainer and its cover are transparent, in which case no label is needed on the container and or
its cover if the flange label is visible through the container. Roll film itself shall include head
and tail sequences giving all security markings applicable to the contents. Positive film flats
or slides shall bear individual internal markings providing the classification and all applicable
SCI and other control markings. The frames of slides shall also be labeled with the
classification and applicable SCI caveats and codewords (which may be abbreviated if
necessary to fit in the space provided).
c. Microform Media:
(1) Microfiche. Each microfiche shall have a heading whose elements are readable
without magnification and which provides the document title, classification, SCI control
number, and, using standard abbreviations, applicable SCI caveats and codewords and
DCID 1/7 control markings. Individual microfiche shall be placed in color-coded
envelopes indicative of the SCI control system(s) applicable to the informational
contents.
(2) Microfilm. Each roll of microfilm shall contain classification and control
information at the beginning and end of the roll. This may be in abbreviated form. Boxes
containing processed film on reels and film cartridges shall be labeled to show the
document title (generic title if more than one document is on the film), the highest secu-
rity classification of the contents, the SCI caveats and codewords applicable to the
filmed information, and any DCID 1/7 control markings that may apply.
d. Electrically Transmitted Traffic. SCI transmitted by accredited electrical or
electronic means resulting in record copy material shall be marked at the top and bottom of
each page (to include each segment of messages printed on perforated paper) with its security
classification, and labeled to show all applicable SCI caveats, codewords and product
designators, and any DCID 1/7 control markings that apply. These markings shall be clearly
shown consistent with the design of the message format being used, except that the overall
9
Approved For Release 26 01!0 ' CIA-RDP87BO1034R000500180002-0
Approved For Release 2005/12/11 FICIA-DP87B01034R000500180002-0
classification and applicable SCI caveat or codeword(s) and product indicator(s), and DCID
[/7 control markings shall precede the text of the message. Paragraph 21 on declassification
marking and paragraph 24 on portion marking shall be applied in the case of record SCI
traffic.
e. Files, Folders, or Groups of Documents. Files, folders or groups of documents shall be
conspicuously marked to assure the protection of all SCI contained therein. Such material
shall be marked on the file folder tab or other prominent location or affixed to an appropriate
SCI cover sheet.
28. Cower Sheets. When it is necessary to guard against unauthorized disclosure to persons
not possessing appropriate SCI accesses, separate cover sheets shall be used. Cover sheets
shall show, by color or other immediately recognizable format or legend, what SCI control
system, or combination of systems, they apply to, and other applicable markings.
29. SCI Accountability and Control Procedures. Each SCIF shall maintain systems of
accountability sufficient to provide for the security of SCI disseminated, received or retained
by its activity, and to assist in the investigation of compromises of SCI documents.
a. Records.
(1) Recordsfor Incoming SC!. Except as provided in b below, a record shall be kept
of all SCI documents received by a SCIF for at least 6 months after receipt of the mate-
rial, or longer, as determined by the holding agency. Records shall identify the material
by control and copy number (if used), originator, a brief description of the material, and
the identity of office(s) within the SCIF that received the material. This will normally be
satisfied by keeping copies of receipts or other records that provide necessary identifying
data. For electrically received record traffic, this requirement may be fulfilled through
retention of standard telecommunications center records for at least 6 months.
Subsequent to this process, no further accountability records or administrative
controls (e.g., internal receipting among activities in the same SCIF, access records,
destruction certificates) are necessary for SCI security purposes while SCI documents
are maintained in or accountable to a receiving SCIF..
(2) Outgoing SCI. Except as provided in b below, a receipt shall be retained and a
record kept for all SCI physically dispatched from the SCI for the preceding 2-year peri-
od. Receipts shall identify the material by control and copy number (if used) and
originator, shall contain a brief description of the material, and identify the recipient.
For Confidential COMINT-related material, this requirement may be fulfilled through
the required Armed Forces Courier Service (ARFCOS) pouch or package receipt or by
other appropriate dissemination records kept by the sender.
b. Raw Intelligence Data. Accountability records are not required for raw intelligence
data that are transmitted from a collection point or facility to a processing facility or are be-
ing processed into a form suitable for analytical use, provided such data remain under the
control of a single Intelligence Community organization, are transmitted only means
authorized herein for SCI, and are accessible only to personnel meeting standards for, and
granted access to, the SCI programs or control systems involved in the data.
c. Working Material. Accountability records are not required for SCI working materials
used exclusively within a SCIF. Examples include preliminary drafts of papers, film chips in
analysts' reference files, analyst transmissions, data base inquiries, and waste materials such
10
Approved For Release 2005/1fR4'F'tiNI*I P87B01034R000500180002-0
Approved For Release 20c0a5~1 141Yi jlA-RDP87B01034R000500180002-0
as carbon paper and stenographic notes. However, such materials must be safeguarded
according to the handling, storage and disposition requirements for SCI documents.
30. Temporary Release of SCI Outside a SCIF. When operational needs require SCI to be re-
leased for processing or temporary use by SCI-indoctrinated persons in non-SCI accredited
areas, such release shall only be accomplished with the consent and under the supervision of
the responsible SCI security/ control officer. The responsible officer shall obtain signed
receipts for SCI released in this manner and shall ensure that conditions of use of the released
material will provide adequate security until the SCI is returned to a SCIF.
3 1. Audits and Inventories. SOICs shall arrange for the conduct, by SCI security/control offi-
cers, of such periodic reviews of SCI held by organizations under their cognizance as will en-
sure that proper accountability is being maintained and that SCI is destroyed when no longer
needed. SOICs and SCI Program Managers may require the inventory of specified SCI
within activities under their cognizance.
32. Reproduction. Reproduction of SCI documents shall be kept to a minimum consistent
with operational necessity. Copies of documents are subject to the same control, accountabil-
ity, and destruction procedures as are the originals. Stated prohibitions against reproduction
shall be honored. Equipment used for SCI reproduction shall be thoroughly inspected and
sanitized before being removed from a SCIF.
33. Transportation/Transmission. SCI may be transmitted from one SCIF to another in a
manner which ensures that it is properly protected.
a. Courier Procedures. SCI may be carried from one SCIF to another by two couriers
approved for this purpose, by diplomatic pouch, or by ARFCOS. Courier procedures shall en-
sure that SCI materials are adequately protected (to the extent possible) against the
possibility of hijacking, loss, exposure to unauthorized persons, or other forms of compromise.
SCI couriers must be active-duty miliary or US Government civilian employees meeting
DCID 1/ 14 standards who are specifically designated for that purpose. Contractors and
consultants are prohibited from couriering SCI unless they have been specifically approved
for such duty for a particular period by the responsible SOIC.
SCI may be carried by a single officially designated courier within US Government or
military installations or between SCIFs in the Washington, DC, metropolitan area.
Additionally, the responsible SOIC may waive the two-courier requirement in other areas, as
appropriate. Material carried by a single courier shall be transported in a securely locked
briefcase or sealed pouch marked "TO BE RETURNED UNOPENED TO (name of
apppropriate organization and telephone number which will be manned at all times) ." No
inner wrapper or container is required under these circumstances.
b. Wrapping Procedures. SCI shall be enclosed for couriering in two opaque envelopes or
be otherwise suitably double-wrapped using canvas bags, cartons, leather or plastic pouches,
or similar containers (see a above for exception). Outer containers shall be secured with tape,
lead seals, tumbler padlocks, or other means which would reasonably protect against
surreptitious access. The inner and outer containers shall be annotated to show the package
number and addresses of the sending and receiving SCIF. The notation "TO BE OPENED
BY THE (appropriate SCI Special Security/Control Officer) " shall be placed above the
pouch address of the receiving SCIF on both containers. The inner wrapper shall contain the
document receipt and the name of the person or activity for whom the material is intended.
11
Approved For Release 20 Y1)R4NTt~k-RDP87B01034R000500180002-0
Approved For Release 2005/12/14: CERDP87B01034R000500180002-0
The applicable security classification and legend "CONTAINS SENSITIVE COMPART-
MENTED INFORMATION" shall appear on each side of the inner wrapper only.
c. Electrical Transmissions. Senders of SCI transmitted electrically or electronically (to
include facsimile, computer, secure voice or any other means of telecommunication) must en-
sure that such transmissions are made only to authorized recipients. Receivers must provide
proper protection for SCI so received. Electrical transmission of SCI shall be limited to spe-
cifically designated and accredited communications circuits secured by an NSA-approved
cryptographic system and/or protected distribution systems. The construction and protection
of SCI telecommunications facilities shall be as prescribed in NFIB/NFIC-9.1/47 and the
effective edition of KAG-1 and superseding NACSI 4000-series publications.
34. Destruction of SCI. SCI shall be retained for the time periods specified in records control
schedules approved by the Archivist of the United States (44 U.S.C. 33 and FPMR 101-
1.1.4). Duplicate information and other nonrecorded copies of SCI documents shall be
destroyed as soon as possible after their purpose has been served. Destruction shall be
accomplished in a manner that will preclude reconstruction in intelligible form. Only those
methods (e.g., burning, pulping, shredding, pulverizing, melting, or chemical decomposition,
depending on the type of materials to be destroyed) specifically authorized by the responsible
SOIC may be used. Destruction shall be supervised and witnessed by at least two SCI-indoc-
trinated persons. SCI in computer or automated data processing systems or other magnetic
media shall be "destroyed" through erasure by approved degaussing equipment or by
executing sanitization procedures specified in the DCI's "Intelligence Community Policy for
the Release of Magnetic Storage Media," 13 March 1974.
RELEASE OF SCI TO CONTRACTORS/CONSULTANTS
35. Policy. Basic DCI policy on release of foreign intelligence to contractors and consultants
(hereafter referred to as contractors) is contained in the attachment to DCID 1/7, "DCI Poli-
cy on Release of Intelligence Information to Contractors and Consultants." SCI may be
released by SOICs or their designated representatives to US Government contractors
according to the following instructions. SOICs may impose more stringent requirements.
a. The release, control, handling, accountability, and destruction of SCI shall be
accomplished pursuant to the provisions of the attachment to DCID 1/7 and this manual.
b. The permission of the originator of the information to be released shall be secured.
(This permission may be granted in the form of lateral agreements between departments and
agencies.)
c. The sponsoring agency or. department shall prescribe as part of the contractual
arrangement the minimum security requirements for safeguarding SCI according to this
Directive. This may include a requirement that the contractor or consultant establish and
maintain SCIF(s). All activities involving SCI (including discussions) shall be conducted in a
SCIF.
d. SOICs of the sponsoring agency or department or their designated security
representative shall perform or have performed a security survey at the contractor or
consultant SCIF prior to release of SCI. The purpose of the survey is to determine that the
SCIF and security procedures established by the contractor or consultant are adequate for
the protection of SCI. Thereafter, periodic security inspections to ensure continuous
compliance with SCI security requirements shall be conducted.
12
Approved For Release 2005/12gP4'F'eR1-P87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87B01034R000500180002-0
CONFIDENTIAL
e. Decisions on selection of contractors for prospective release must take into account the
potential recipients' past record in properly safeguarding classified material.
f. SCIFs established in industry must be closely monitored by the sponsoring SOIC to
ensure that SCI security procedures are followed and that SCI documents are properly
segregated from other materials held by the contractor. When two or more organizations re-
lease SCI to a given contractor, the organizations involved shall agree on matters of joint SCI
security responsibilities.
36. Foreign Ownership/Dominance. Contractor companies under foreign ownership, control,
or influence shall generally be ineligible for access to SCI activities and information. Foreign
ownership, control, or influence in this instance means that foreign interests own'five percent
or more of a contractor's voting stock, or they are able through lesser holdings to control or
influence the appointment and tenure of the contractor's managing officials. The responsible
SOIC may waive this provision, however, if a review of the circumstances determines that the
following conditions apply: the foreign ownership, control, or influence does not involve
Communist countries or countries otherwise inimical to the United States, and the foreign in-
terests do not have the right to control or influence the appointment or tenure of a
contractor's managing officials. Before a waiver is granted, provision must be made to ensure
that security safeguards exist to prevent disclosure of SCI to any non-US owners and
managing officials. Should foreign ownership increase beyond five percent during the course
of a contract, a review of the contractor's eligibility for continued access shall be made by the
responsible SOIC.
LEGISLATIVE BRANCH ACCESS TO SCI
37. Policy.
a. As an underlying principle, access to intelligence information shall be consistent with
the protection of intelligence sources and methods. Normally, Congressional requests for
intelligence information can be satisfied at the collateral (i.e., non-SCI) level, but, in certain
instances, there may be a need for access to SCI. In these instances, every effort shall be
made to exclude, to the extent possible, data on intelligence sources and methods.
b. Members of Congress may be provided access to SCI on a need-to-know basis without
a security investigation or adjudication. Heads of organizations within the Intelligence
Community or program managers providing SCI shall provide briefings on the sensitivity and
vulnerability of the information, and the sources and methods involved, as required to ensure
proper protection.
c. Access to SCI by staff members of the Senate Select Committee on Intelligence
(SSCI) and the House Permanent Select Committee on Intelligence (HPSCI) are governed by
Memoranda of Understanding (MOU) executed by the Chairmen of these Committees and
the DCI. Provision of information and materials to these Committees shall be in accordance
with mutually agreed upon existing arrangements with the Committees.
d. Requests for SCI access approvals for other Legislative Branch personnel shall be re-
ferred to the Chief of Legislative Liaison for DCI approval. Requests must be in writing by
committee or subcommittee chairmen and clearly describe the nominee's need-to-know.
Issues arising with regard to particular requests shall be referred to the DCI for resolution.
13
Approved For Release 20 O 12 t4 lA-RDP87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
Unless otherwse authorized by the DCI, approval for SC][ access for Legislative Branch staff
personnel shall be limited to:
(1) permanent staff personnel of appropriate Congressional committees and
subcommittees;
(2) selected employees of the General Accounting Office and the Library of
Congress; and
(3) selected members of the staffs of the Leadership of the House and Senate, as
agreed by the DCI and the Leadership.
38. Verification Requirement. The DCI's Chief of Legislative Liaison will verify, in
coordination with program managers and on behalf of the DCI, the need of persons in the
Legislative Branch, other than members of Congress, for SCI access. Verifications shall be
based on such persons' job responsibilities in the following areas:
a. direct involvement in authorization legislation pertaining to Intelligence Community
organizations;
b. direct involvement in appropriations legislation for Intelligence Community
organizations;
c. direct involvement in reviews authorized by law of activities of Intelligence Communi-
ty organizations; and
d. direct involvement in other legislative matters which, of necessity, require direct SCI
access.
39. Access Approval procedures.
a. SCI access approvals may be granted to staff personnel in the Legislative Branch, de-
scribed above, who possess a Top Secret collateral clearance and who meet the investigative
standards set forth in DCID 1 / 14. Requests for exceptions to this policy shall be referred to
the DC]['s Chief of Legislative Liaison. The requester of the SCI access approval is
responsible for assuring the conduct of an appropriate investigation. Reports of investigation
shall be reviewed by the CIA Director of Security to assure uniform application of DCID
1/14 security criteria. The granting of access approvals shall be coordinated with the
appropriate program managers, as agreed by the DCI.
b. Staff personnel in the Legislative Branch receiving SCI access approvals shall be pro-
vided appropriate security briefings by the CIA Special Security Center and shall sign NdAs
before receiving SCI access. SCI access approvals shall be recorded in the 4C system
(paragraph 8). Copies of NdAs shall be provided to program managers who request them.
c. The DCI's Chief of Legislative Liaison shall be notified promptly of employee job
changes or terminations to ensure updating of the 4C system and appropriate debriefing of
the employee. SCI access approvals of Legislative Branch employees must be withdrawn or
revalidated if an employee leaves the specific position for which access was authorized.
d. SCI shall be made available to committee and subcommittee members only through
or under the authority of the chairman of the Congressional committee or subcommittee
concerned.
40. Handling and Storage of SCI.
a. Any Intelligence Community organization that provides SCI to Congress shall ensure
that the handling and storage of such information conforms to the requirements in
14
Approved For Release 2005/1 2 NFel RS.P87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
NFIB/NFIC-9.1/47 (see paragraph 12) or successor policy statements. SCIFs shall be
accredited by the CIA Special Security Center. Where adequate provisions cannot be made
for the handling and storage of SCI, no such information may be provided without the ap-
proval of the DCI.
b. Any Intelligence Community organization that provides testimony or briefings
involving SCI to persons in the Legislative Branch shall do so according to the following secu-
rity measures:
(1) A thorough physical security and audio countermeasures inspection of the room
where testimony or briefing will occur must be conducted immediately before the
presentation, unless the premises are maintained in a secure status. Audio countermea-
sures surveillance of the premises should also be maintained during the presentation, un-
less the premises are maintained in a secure status.
(2) All persons present, other than elected officials, including transcribers and other
clerical personnel, must be certified for access to the SCI being discussed. Arrangements
shall be made to monitor entrances to the room where the presentation will be given to
exclude unauthorized persons.
(3) All transcriptions or notes that result from briefings or testimony must be
handled and stored according to the SCI security requirements as specified in a, above.
(4) The room in which a presentation is given must be inspected after the
presentation to ensure that all SCI is properly secured.
(5) Any Intelligence Community organization that provides SCI to a Congressional
committee, other than a committee routinely involved in the oversight and appropria-
tions processes of Intelligence Community organizations, shall endeavor to provide such
information through the SSCI or HPSCI, as appropriate. The SSCI and HPSCI both
have facilities that meet the NFIB/NFIC-9.1/47 requirements and personnel trained in
SCI handling procedures. The committee requesting the information shall contact the
HPSCI or SSCI and obtain their permission to use their facilities prior to the transmittal
of the information. Where possible, custody of such information shall remain with the
Intelligence Community organization concerned. Where such information must be
physically transferred, efforts shall be made beforehand to eliminate or minimize the
risk of exposure of SCI sources and methods.
41. Marking SCI Released to Congress. SCI being prepared for release to Members of
Congress and Congressional committees shall be marked with all applicable classifications,
SCI caveats, codewords, project indicators and DCID 1/7 control markings. The term
"SENSITIVE" may not be used instead of, or in addition to, SCI markings. Releasing
agencies shall ensure, through their legislative offices or comparable elements, that
Congressional committee staff employees, and employees of the Library of Congress and the
General Accounting Office, have clearances and SCI access authorizations appropriate for
receipt of the material involved. Releasing agencies also shall ensure that SCI being provided
Legislative Branch components is stored in accredited SCIFs.
JUDICIAL BRANCH ACCESS TO SCI
42. Policy. Pursuant to the Classified Information Procedures Act of 1980 (CIPA) (Public
Law 96-456. 94 Stat. 2025 18 U.S.C. Appendix 4) and the "Security Procedures Established
Pursuant to Public Law 96-456. 94 Stat. 2025 18 U.S.C. Appendix 4, By The Chief Justice
15
Approved For Release 200 12P I':T 4LAIA-RDP87BO1034ROO0500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
of the United States For The Protection of Classified Information," dated 12 February 1981,
arrangements for the care, custody, and control of SCI material involved in any federal crim-
inal case shall be the responsibility of the Department of Justice (DOJ) Security Officer in co-
ordination with the appropriate Executive Branch agency security representative.
a. An SCI access authorization for federally appointed judges and justices is not
required. If desired, however, an SCI authorization can be granted and a formal briefing pre-
sented to the requesting ,judge/justice through coordination with the DOJ Security Officer.
b. Magistrates, immigration commissioners, administrative law judges, hearing commis-
sioners, and other such court officials., who are not appointed by the Federal Government, or
who have not been subjects of background investigations as part of the appointment process,
must obtain SCI access authorization.
c. All other court, government, or support personnel (law clerks, attorneys, US Marshals,
courtroom clerks, court reporters, administrative officers, secretaries, etc.), who have a
validated need-to-know, must obtain SCI access authorization.
d. The Government may obtain, consistent with the CIPA and its "Security Proce-
dures," as much information as possible in its attempt to make an adjudication pursuant to
DCID 1/ 14, for those individuals acting for the defense.
e. There is no requirement for investigation or SCI access authorization for members of
the jury.
f. A Court Security Officer (CSO) shall be appointed by the Court from recommenda-
tions submitted by the DOJ Security Officer and with the concurrence of the head of any In-
telligence Community entity (or his/her designee) from which the case-related SCI origi-
nates. The CSO is responsible for ensuring compliance with the CIPA and all other
applicable directives and regulations concerning the safeguarding of SCI; and, for providing
SCI security support, as needed, for all persons involved in the particular case.
43. SCI[ Access Verificatiion. Requirements for SCI access shall be provided to the CSO who
shall notify the DOJ Security Officer. The DOJ Security Officer shall coordinate require-
ments with agencies/program managers involved.
44. SCII Access Eligibility Determination Procedures. SCI access will be authorized by the
DOJ Security Officer, who is responsible for adjudicating the results of investigations
required by DCID 1 / 14.
a. The Court, and other appropriate officials, shall be notified in writing by the DOJ Se-
curity Officer of SCI access approvals.
b. SCI briefings shall be provided by DOJ Special Security Center (SSC) personnel, or
by an appropriately indoctrinated representative with the DOJ SSC.
45. Handling and Storage of SCI. Matters pertaining to the handling, storage, and disposition
of SCI shall be coordinated with the CSO who is responsible for ensuring that proper
safeguarding procedures are established and that adequate storage is provided for SCI
pursuant to the CIPA Security Procedures and this manual. These matters shall be
coordinated with the U.S. Intelligence Community entities originating the SCI case material.
46. Additional Details. Additional details/information may be found in the CIPA and/or the
"Security Procedures," which may be obtained from the DOJ SSC. Any question concerning
the interpretation of any security requirement contained in the CIPA security procedures
16
Approved For Release 2005/'[M44IDOU RDP87B01034R000500180002-0
Approved For Release 20,p 41 114 ' RIA-RDP87B01034R000500180002-0
NTI
shall be resolved by the Court in consultation with the DOJ Security Officer and the
appropriate Executive Branch agency security representative.
SCI SECURITY VIOLATIONS/COMPROMISES
47. Individual Responsibilities. All possible security violations or compromises involving SCI
shall be immediately reported to the applicable SCI Security/ Control Officer. Immediate
action shall be taken to maintain the physical security of SCI documents discovered in an in-
secure environment until such material can be restored to SCI control. SOICs shall ensure
that persons under their cognizance are advised and periodically reminded of these
responsibilities.
48. Investigations. SOICs shall establish procedures within their organizations to ensure that
all reported actual or potential security violations or compromises occurring in areas subject
to their jurisdiction are properly investigated to determine if there is a reasonable likelihood
that a compromise may have occurred.
a. If so, the cognizant SOIC, or other authority designated by the SOIC, shall
immediately report the incident to the appropriate Intelligence Community program
manager. An investigation shall be conducted to identify full details on the violation/ compro-
mise, and to determine what specific information was involved, what damage resulted, and
whether culpability was involved in the incident.
b. If the case involves an inadvertent disclosure, the SCI Security/ Control Officer is ex-
pected to exercise his or her best judgment as to whether the interests of SCI security are well
served by seeking written agreements from unindoctrinated persons to whom SCI has been
inadvertently disclosed. If the judgment is that those interests are so served, the person(s) in-
volved sign an inadvertent disclosure agreement, and the responsible SCI Security/ Control
Officer has reason to believe that the person(s) will maintain absolute secrecy over the SCI in-
volved, the report of investigation may conclude that no compromise occurred.
c. The form of inadvertent disclosure agreement may be developed by SOICs, but shall,
in all cases, be structured so that it conveys no classified information itself, emphasizes that
there is no time limit on the need to safeguard the disclosed data, reminds the signer of the
provisions of the Espionage Statutes, and commits the signer to certifying his or her
understanding of the situation and to affirming that he or she will never, without proper au-
thority, disclose or discuss the information with any other person.
d. When investigations show that SCI was inadvertently disclosed to foreign nationals,
or that cases under investigation involve damage deemed significant by the cognizant SOIC,
espionage, flagrant dereliction of security duties, or serious inadequacy of security policies
and procedures, summaries of the investigations and of related actions shall be provided to
the DCI by the responsible SOIC. The DCl Security Committee is the preferred channel for
such reporting.
49. Corrective Action. Investigating oficers shall advise cognizant SOICs of weaknesses in se-
curity programs and recommend corrective action(s). SOICs are responsible for ensuring that
appropriate corrective action is taken in all cases of actual security violations and
compromises. Administrative sanctions imposed in cases of demonstrated culpability shall be
recorded in security files of the responsible SOIC. Security deficiencies identified by
investigation to have contributed directly to the incident shall be corrected if it is within the
capability of the SOIC concerned; if not, full details and recommendations on corrective
measures shall be provided to the DCI through the DCI Security Committee.
17
Approved For Release 206?A~FITT"cFA-RDP87B01034R000500180002-0
Approved For Release 2005/12/14: CIA-RDP87BO1034R000500180002-0
CONFIDENTIAL
50. Policy. Periodic inspections of SCIFs by the responsible SOIC are mandatory.
Inspections shall be performed by persons knowledgeable of SCI storage, control, and
protection procedures and shall be designed to ensure that procedures and safeguards comply
with the requirements of NFIB/N FIC-9.1/47, this manual, and other applicable directives.
Inspection reports shall be retained in the files of the accrediting organization. Intelligence
Community organization inspection reports of joint SCIFs may be accepted by any other or-
ganization which uses the SCIF as valid findings of the degree of compliance with applicable
security standards. Inspection reports shall identify any deficiencies found and the status of
actions taken to correct them.
18
Approved For Release 2005/12A~R~fNJkb87B01034R000500180002-0