DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/19 SECURITY POLICY FOR SENSITIVE COMPARTMENTED INFORMATION (SCI) (U)

Approved For ReleaseMIDENIFIALB01034R00050W041-7 Arr: 14 Apr 82 DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/191 SECURITY POLICY FOR SENSITIVE COMPARTMENTED INFORMATION (SCI) (U) (Effective 1982) Pursuant to Section 102 of the National Security Act of 1947, ap- plicable Executive Orders, and National Security Council Intelligence Directives, this directive and the attached manual establish security policy for the security, use, and dissemination of Sensitive Compart- mented Information (SCI). (U) 1. Applicability The controls and procedures in this directive and the attached manual shall be applied by all Intelligence Community agencies. In- telligence Community agencies which release or provide SCI to contrac- tors, consultants, or other government departments or agencies shall ensure beforehand that the intended recipients agree to follow this policy in their own handling and accountability of SCI. Policy and procedures in this directive shall be reflected in other Intelligence Community directives relative to this matter. This directive is not intended to intrude on the authority of Ex- ecutive Agents or other operational program directors who will continue to prescribe basic operational direction for programs under their cognizance. (U) 2. General Specific guidance on what information should be classified and protected as SCI is provided in other documents issued by or pursuant to the authority of the Director of Central Intelligence. Principles and details governing and defining information to be protected by a specified SCI control system shall be included in system manuals and regulations. Such documentation shall also include instructions for decompartmentation, sanitization, release to foreign governments, emergency use (when those actions are feasible and permissible), and additional security policy for the protection of information controlled in SCI sUbcompartments. (U) 3. Finished Intelligence Products In order to improve protection of intelligence sources and methods that have been determined to warrant special control, all intelligence 1This directive supersedes DCID No. 1/19, effective 6 June 1978. CLASSIFIED BY: DECLASSIFY ON: ORIGINATING AGENCY'S DETERMINATION REQUIRED Approved For Release 2005/12/14 VIR7B01034R000500180041-7 CONFID E Approved For Release tkelIFIDEI4.lflAtB01034R000500180041-7 production elements shall take special care to ensure that data on such sources and methods are excluded to the extent possible from finished intelligence products. To provide this protection, producers of finished intelligence shall: a. Avoid production which must be handled in compartments in- tended to protect collection efforts (e.g., B) because it limits the utility of the product and/or results in proliferation of access to collection system-oriented compartments. b. Abide by the total prohibition against using in a product- oriented compartment (e.g., TK) any SCI that has been identified as warranting compartmentation in a collection-oriented special access program (e.g., B). Such practice voids the utility of separating sources and methods from product information. c. Ensure that unavoidable references to SCI sources are as non-specific as practicable. Generalized discussion of compartmented collection capabilities is permitted in finished intelligence products provided that the products are themselves compartmented. Discussion of specific details concern- ing collection system sources or methods which are protected by special access programs should not normally be contained in finished intelli- gence. When treatment of a particular subject in finished intelligence products requires detailed discussion of compartmented sources and methods, a special supplement, appropriately controlled, is the prefer- red vehicle. Finished intelligence may contain discussion of gaps in intelligence collection on specific problems or areas, of the general capabilities of collection systems to provide indications warning and as a measurement of the reliability of sources to the extent that analytical judgments would be effected. The policy of constraint on the use of compartmented information on sources and methods in finished intelligence products applies to all Intelligence Community publications, including the National Intelli- gence Daily, Interagency Memoranda, National Intelligence Estimates and Alert Memoranda. It also applies to all the finished intelligence production of individual agencies, including formal and informal memo- randa and studies. (C) (DRAFT) WILLIAM J. CASEY Director of Cental Intelligence Attachment: DCI Security Policy Manual for SCI Control Systems 2 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For ReleasecoNFIDENTFIAtpoi 034R000500180041-7 DIRECTOR OF CENTRAL INTELLIGENCE SECURITY POLICY MANUAL FOR SCI CONTROL SYSTEMS [Attachment to DCID 1/19, "Security Policy for Sensitive Compartmented Information (SCI)"] TABLE OF CONTENTS Introduction Definitions PERSONNEL SECURITY Paragraph Page 1 1 1 General 2 Need-to-Know Policy 3 Standards 4 SCI Nondisclosure Agreements (NdAs) 5 Recording Indoctrinations and Debriefings ? ? ? ? 6 Access Approvals 7 Central Registry 8 Security Indoctrination and Education 9 Foreign Contacts 10 SCI Travel and Assignment Security Policy . ? ? ? 11 PHYSICAL SECURITY Construction and Protection Standards Accreditation of SCIFs Emergency Plans Two-Person Rule 12 13 14 15 TECHNICAL SECURITY Technical Surveillance Countermeasures 16 Compromising Emanations Control Security (TEMPEST) 17 Automated Data Processing (ADP) Security 18 SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS SCI Special Security Offices and/or Control Centers 19 SCI Special Security/Control Officers 20 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release F1DEIMALB01034R000500180Q41-7 DRAFT: 14 Apr 82 DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/191 SECURITY POLICY FOR SENSITIVE COMPARTMENTED INFORMATION (SCI) (U) (Effective 1982) Pursuant to Section 102 of the National Security Act of 1947, ap- plicable Executive Orders, and National Security Council Intelligence Directives, this directive and the attached manual establish security policy for the security, use, and dissemination of Sensitive Compart- mented Information (SCI). (U) 1. Applicability The controls and procedures in this directive and the attached manual shall be applied by all Intelligence Community agencies. In- telligence Community agencies which release or provide SCI to contrac- tors, consultants, or other government departments or agencies shall ensure beforehand that the intended recipients agree to follow this policy in their own handling and accountability of SCI. Policy and procedures in this directive shall be reflected in other Intelligence Community directives relative to this matter. This directive is not intended to intrude on the authority of Ex- ecutive Agents or other operational program directors who will continue to prescribe basic operational direction for programs under their cognizance. (U) 2. General Specific guidance on what information should be classified and protected as SCI is provided in other documents issued by or pursuant to the authority of the Director of Central Intelligence. Principles and details governing and defining information to be protected by a specified SCI control system shall be included in system manuals and regulations. Such documentation shall also include instructions for decompartmentation, sanitization, release to foreign governments, emergency use (when those actions are feasible and permissible), and additional security policy for the protection of information controlled in SCI subcompartments. (U) 3. Finished Intelligence Products In order to improve protection of intelligence sources and methods that have been determined to warrant special control, all intelligence 1This directive supersedes DCID No. 1/19, effective 6 June 1978. CLASSIFIED BY: DECLASSIFY ON: ORIGINATING AGENCY'S DETERMINATION REQUIRED Approved For ReleasedMECAPCB01034R000500180041-7 Approved For Release CONFIDENITAIT01034R000500180041-7 production elements shall take special care to ensure that data on such sources and methods are excluded to the extent possible from finished intelligence products. To provide this protection, producers of finished intelligence shall: a. Avoid production which must be handled in compartments in- tended to protect collection efforts (e.g., B) because it limits the utility of the product and/or results in proliferation of access to collection system-oriented compartments. b. Abide by the total prohibition against using in a product- oriented compartment (e.g., TK) any SCI that has been identified as warranting compartmentation in a collection-oriented special access program (e.g., B). Such practice voids the utility of separating sources and methods from product information. C. Ensure that unavoidable references to SCI sources are as non-specific as practicable. Generalized discussion of compartmented collection capabilities is permitted in finished intelligence products provided that the products are themselves compartmented. Discussion of specific details concern- ing collection system sources or methods which are protected by special access programs should not normally be contained in finished intelli- gence. When treatment of a particular subject in finished intelligence products requires detailed discussion of compartmented sources and methods, a special supplement, appropriately controlled, is the prefer- red vehicle. Finished intelligence may contain discussion of gaps in intelligence collection on specific problems or areas, of the general capabilities of collection systems to provide indications warning and as a measurement of the reliability of sources to the extent that analytical judgments would be effected. The policy of constraint on the use of compartmented information on sources and methods in finished intelligence products applies to all Intelligence Community publications, including the National Intelli- gence Daily, Interagency Memoranda, National Intelligence Estimates and Alert Memoranda. It also applies to all the finished intelligence production of individual agencies, including formal and informal memo- randa and studies. (C) (DRAFT) WILLIAM J. CASEY Director of Cental Intelligence Attachment: DCI Security Policy Manual for SCI Control Systems 2 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release M qs ? ? F1BENTFIlAt71301034R000500180041-7 DIRECTOR OF CENTRAL INTELLIGENCE SECURITY POLICY MANUAL FOR SCI CONTROL SYSTEMS [Attachment to DCID 1/19, "Security Policy for Sensitive Compartmented Information (SCI)"] TABLE OF CONTENTS Introduction Definitions Paragraph ?age 1 1 1 PERSONNEL SECURITY General 2 Need-to-Know Policy Standards 4 SCI Nondisclosure Agreements (NdAs) 5 Recording Indoctrinations and Debriefings . . . . 6 Access Approvals 7 Central Registry 8 Security Indoctrination and Education 9 Foreign Contacts 10 SCI Travel and Assignment Security Policy ? ? ? 11 PHYSICAL SECURITY Construction and Protection Standards 12 Accreditation of SCIFs 13 Emergency Plans 14 Two-Person Rule 15 TECHNICAL SECURITY Technical Surveillance Countermeasures 16 Compromising Emanations Control Security (TEMPEST) 17 Automated Data Processing (ADP) Security 18 SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS SCI Special Security Offices and/or Control Centers 19 SCI Special Security/Control Officers 20 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release goNFIDEN-TtA4/1301034R000500180041-7 INFORMATION SECURITY Paragraph Standard Classification Marking Requirements . . 21 SCI Caveats, Codewords, and Designators 22 Dissemination Control Markings 23 Portion Marking 24 Letters of Transmittal 25 SCI Control Numbers 26 Specialized Media 27 Cover Sheets 28 SCI Accountability and Control Procedures ? ? ? ? 29 Temporary Release of SCI Outside a SCIF 30 Audits and Inventories 31 Reproduction 32 Transmission 33 Destruction of SCI 34 RELEASE OF SCI TO CONTRACTORS/CONSULTANTS Policy 35 Foreign Ownership/Dominance 36 LEGISLATIVE BRANCH ACCESS TO SCI Policy 37 Verification Requirement 38 Access Approval Procedures 39 Handling and Storage of SCI 40 Marking SCI Released to Congress 41 JUDICIAL BRANCH ACCESS TO SCI Policy 42 SCI Access Verification 43 SCI Access Eligibility Determination Procedures 44 Handling and Storage of SCI 45 Additional Details 46 SCI SECURITY VIOLATIONS/COMPROMISES Individual Responsibilities 47 Investigations 48 Corrective Action 49 INSPECTIONS Policy 50 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Page Approved For Release '111! FID:EN11AL7B01034R000500180041-7 SECURITY POLICY MANUAL FOR SCI CONTROL SYSTEMS Introduction This manual contains security policy and procedures common to the several SCI control systems for the protection of intelligence informa- tion. Users should refer to DCIDs and other documents referenced herein for specific guidance on the functional areas they cover. Users are also reminded that they should*refer to the applicable SCI control system manuals or directives for guidance on what information is to be classified at what level and protected by compartmentation. Questions on this manual should be directed to the DCI Security Committee (SECOM) if not answerable by security components of Intelli- gence Community organizations. As this manual sets forth security policy and procedures for SCI control systems, it merits and warrants the overall classification of CONFIDENTIAL in its totality. Individual paragraphs may be excised for use at the unclassified level by Senior Officials of the Intelli- gence Community (SOICs), Senior Intelligence Officers (SI0s), their designees, or SCI Special Security/Control Officers, when considered appropriate. 1 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release e9iFIDERALB01034R000500180041-7 1. Definitions ?a. Document?any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, automated data-processing storage media, maps, charts, paintings, drawings, photos, engraving, sketches, working notes and papers, reproductions of such things by any means or process, and sound, voice, magnetic or electronic recordings in any form. b. Hard Copy Document?any document that is initially published and distributed by the originating component in paper form and that is not stored or transmitted by electrical means. c. Intelligence Community--those United States organizations and activities identified in Executive Order 12333 or successor order as making up such community. d. Raw Intelligence--collected intelligence information which has not yet been converted into intelligence. e. Sensitive Compartmented Information (SCI)--all information and materials requiring special community controls indicating restricted handling within present and future community intelligence collection programs and their end products. These special Community controls are formal systems of restricted access established by the Director of Cen- tral Intelligence (DCI) to protect the sensitive aspects of sources, methods and analytical procedures of foreign intelligence programs. The term does not include Restricted Data as defined in Section II, Public Law 585, Atomic Energy Act of 1954, as amended. f. SCI Facility (SCIF)--an accredited area, room, group of rooms, or installations where SCI may be stored, used, discussed and/or electronically processed. g. Senior Intelligence Officer (SIO)--the highest ranking indi- vidual who is charged with direct foreign intelligence missions/func- tions/responsibilities within a component, command, or element of an Intelligence Community organization. When an SIO has been delegated authorities provided for in this manual by a Senior Official of the Intelligence Community (SOIC), the SIO will be responsible for imple- menting the policies and procedures of this manual for his/her respec- tive Intelligence Community component. h. Senior Officials of the Intelligence Community (SOIC)--for the purposes of this manual, SOICs are defined as the heads of organiza- tions within the Intelligence Community, as defined by Executive Order 12333, or their designated representatives. Formerly known as Intel- ligence Community Senior Intelligence Officers (SI0s). PERSONNEL SECURITY 2. General. The protection of SCI is directly related to the thor- oughness and effectiveness of the personnel security program applicable 2 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release is F1DERIALB01034R000500180041-7 to those individuals having access to such information. An interlock- ing and mutually supporting series of program elements (e.g., need-to- know, investigation and adjudication in accordance with DCID 1/14, "Minimum Personnel Security Standards and Procedures Governing Eligi- bility for Access to SCI," binding contractual obligations on those granted access, security orientation and continuing security oversight) can provide reasonable assurances against compromise of SCI by those authorized access to it. 3. Need-to-Know Policy. The first personnel security principle in safeguarding SCI is to ensure that only those persons with a clearly identified need-to-know are granted access to it. Need-to-know is a determination by an authorized holder of classified information that access to specific classified material in his or her possession is _ required by one or more other persons to perform a specific and of- ficially authorized function essential to accomplish a national secu- rity task or as required by Federal Statute, Executive Order, or di- rectly applicable regulation. 4. Standards. Personnel security standards, reporting of data bear- ing on SCI eligibility, investigative requirements, reinvestigations, adjudications, and supervisory security responsibilities shall be in accordance with DCID 1/14. 5. SCI Nondisclosure Agreements (NdAs): All persons holding or being given SCI access shall sign an, NdA. Failure to sign an NdA is cause to deny or revoke existing SCI access for the refusing person. The NdA establishes explicit obligations on both the Government and the individual signer in the interest of pro- tecting SCI. Form 4193, "Sensitive Compartmented Information Nondis- closure Agreement," is available for use. It includes a prepublication review provision. Use of a prepublication review provision in any alternative form of NdA is mandatory. Any department or agency elect- ing to use an alternative form of NdA shall use it without exception for all SCI accesses. Further information on Form 4193 may be found in the July 1981 "Questions and Answers for Use with the Sensitive Compartmented Infor- mation Nondisclosure Agreement" prepared for use by government and industry security officers. 6. Recording Indoctrinations and Debriefings. Briefing officers shall appropriately record certifications of all SCI indoctrinations and debriefings they accomplish. Administrative guidance on NdAs, indoctrination and debriefing forms, and related procedures shall be specified by SOICs for areas under their cognizance. 7. Access Approvals. When need-to-know has been established and investigative results have been satisfactorily adjudicated, SCI ac- cesses shall be granted and formally recorded. 3 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release term EN1tAtB01034R000500180041-7 a. Authority. SCI accesses shall be granted by the SOIC having cognizance of the persons involved. For persons in non-NFIB govern- ment organizations, SCI accesses are granted by the DCI through the CIA Special Security Center (SSC). Unless specifically delegated, ap- proval authority for access to certain operational or collection sys- tems is retained by the cognizant program manager, executive agent or national authority. Administrative procedures governing the granting of SCI accesses shall be specified by SOICs for their organi- zations. b. General SCI Access Approvals--"PROXIMITY." A "PROXIMITY" ac- cess approval may be granted by, and at the discretion of, the cogni- zant SOIC to persons who closely support SCI collection, processing or use, but whose duties do not warrant granting substantive SCI access approvals. PROXIMITY allows the holder to perform his or her duties in support of any SCI control system provided the tasks do not involve visual or aural access to clear text, intelligible SCI. (1) PROXIMITY access approvals may also be granted, accord- ing to the criteria in (2) below, when a person is authorized one or more SCI access approvals. For example, substantive access to COMINT may be required when PROXIMITY access will suffice for another SCI access. (2) Minimum criteria for PROXIMITY approval are: (a) The nature of the individual's support to SCI in- volves a substantial latent risk of exposure to SCI through inadvert- ence or a deliberate effort by the individual. (b) Approval for a specific SCI system or project would provide the person more information than needed, either in the indoc- trination or by virtue of the access approval, or both. (c) The individual does not need to know substantive SCI in order to perform his or her function and shall not receive access in the normal course of his or her duties. (d) The individual's potential for access is such that personnel security assurances provided through investigations and adjudication for collateral clearances are not deemed adequate by the cognizant SOIC or designee. (3) Persons determined by their SOIC to require PROXIMITY approval shall be processed to DCID 1/14 personnel security stand- ards. They shall be given a non-SCI revealing briefing notifying them that their duties may bring them in close proximity to highly sensitive government information; cautioning them to report to their security officer any inadvertent access involving them; and providing them a generalized description of the appearance of SCI documents (e.g., material may have color-coded cover sheets, and shall bear handling system caveats) to enable them to recognize such material if it is exposed to them. 4 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release GoNFIDENTIAtzB01034R000500180041-7 (4) NdAs are required of persons being granted PROXIMITY approval to obligate them to observe the agreement's provisions with respect to any SCI of which they might gain knowledge. If an inad- vertent disclosure is made to a person with PROXIMITY approval, that person shall be given a security briefing to ensure that he or she understands the applicability of the NdA and his or her obligations under it. (5) SOICs shall administer PROXMIMITY approvals for those persons they sponsor. Once granted, the PROXIMITY approval is valid within the cognizance of the granting SOIC. (6) To the extent that SOICs find it practicable, individuals already holding substantive access approvals may be converted to PROX- IMITY if they meet the tests for such. Those so converted shall be cautioned not to discuss with other PROXIMITY approved persons their previously acquired knowledge of SCI. SOICs are expected to exercise prudence in extending PROXIMITY approvals to persons and positions not now requiring SCI access approvals in order to avoid undue burden on the SCI personnel security system. Substantive access approval re- quests shall normally take precedence over PROXIMITY requests. 8. Central Registry. A Community-Wide, Computer Assisted, Compart- mentation Control System (4C system) is being established by the DCI. Each SOIC granting or terminating SCI accesses and PROXIMITY approvals shall record such actions in the 4C system. SOICs are responsible to establish procedures for the certification of SCI accesses to other components. 9. Security Indoctrination and Education. Prior to signing the NdA or being afforded access to SCI, persons approved for SCI access shall be given a non-SCI revealing briefing on the general nature and procedures for protecting the SCI to which they will be exposed, advised of their obligations both to protect that information and to report matters of security concern, and allowed to express any reservations concerning the NdA or access to SCI. Subsequent to signing the NdA, persons shall be fully indoctri- nated on the aspects of the SCI to which they are authorized and have a demonstrated need-to-know. All. persons granted SCI access shall periodically be advised of their continuing security responsibilities and of security threats they may encounter. DCI SECOM-D-543, July 1979, "Minimum Standards for Security Awareness Programs in the U. S. Intelligence Community," provides guidance. 10. Foreign Contacts. Close, continuing personal associations with foreign nationals by persons with SCI access are of security concern. Persons with SCI access shall be informed of their continuing respon- sibility to report all non-official contacts with representatives or citizens of Communist-controlled countries and of other countries which are hostile to the United States. SOICs shall ensure that their 5 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release ORIFIDENTRIMIB01034R000500180041-7 SCI-indoctrinated personnel are kept informed of which countries are of concern in this regard. SCI-indoctrinated persons are also respon- sible for reporting contacts with persons from other than Communist- controlled or hostile countries whenever those persons show undue or persistent interest in employment, assignment, or sensitive national security matters. Contacts, or failure to report contacts, in either of the above situations shall result in reevaluation of eligibility for continued SCI access by the cognizant SOIC. Casual contacts aris- ing from living in a community and which do not fall within either of the above situations normally need not be reported. ? 11. SCI Travel and Assignment Security Policy. Persons with current SCI access who plan unofficial travel to, or who are being assigned to duty in, foreign countries and areas, particularly those identified in DCID 1/20, "Security Policy Concerning Travel and Assignment of Per- sonnel With Access To SCI," incur a special security obligation. This includes requirements to provide advance notice of unofficial travel and to be afforded appropriate defensive security briefings prior to official assignment or unofficial travel. Minimum security policy ap- plicable to such travel or assignment is stated in DCID 1/20. PHYSICAL SECURITY 12. Construction and Protection Standards. All SCI must be stored within accredited SCIFs. Physical security standards for the con- struction and protection of such facilities are prescribed in NFIB/ NFIC-9.1/47, "U.S. Intelligence Community Physical Security Standards for SCI Facilities," effective 23 April 1981, or successor policy statements. 13. Accreditation of SCIFs. The DCI shall accredit all SCIFs except where that authority has been specifically delegated or otherwise provided for. The CIA Office of Security shall accredit SCIFs for Executive Branch departments and agencies outside the Intelligence Community and for the Legislative and Judicial Branches. The accredi- tation shall state the category(ies) of SCI authorized to be stored/ processed in the SCIF. Accrediting officials shall maintain a physi- cal security profile on each of their SCIFs to include data on any waivers of standards. 14. Emergency Plans. Each accredited SCIF shall establish and main- tain an approved emergency plan. This may be part of an overall de- partment, agency, or installation plan, so long as it satisfactorily addresses the considerations stated below. Emergency planning shall also take account of fire, natural disasters, entrance of emergency personnel (e.g., host country police and firemen) into a SCIF, and the physical protection of those working in such SCIFs. Planning should address the adequacy of protection and firefighting equipment, of evacuation plans for persons and SCI, and of life-support equipment (e.g., oxygen and masks) that might be required for personnel trapped in vault-type SCIFs. 6 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release pI FID:ENTIALB01034R000500180041-7 a. In areas where political instability, host country attitude, or criminal activity suggests the possibility that a SCIF might be overrun by outsiders, emergency plans must provide for the secure destruction/removal of SCI under adverse circumstances, to include such eventualities as loss of electrical power, nonavailability of open spaces for burning or chemical decomposition of material, and immediate action to be taken if faced with mob attack. Where the risk of overrun is significant, holdings of SCI must be reduced to, and kept at, an absolute minimum needed for current working purposes, with reference or background material to be obtained, when needed, from other activities and to be returned or destroyed when it has served its purpose. b. Emergency plans shall be reviewed annually and updated as necessary. All personnel shall be familiar with the plans. In areas where political or criminal activity suggests the possibility that the SCIF might be overrun by outsiders, drills shall be conducted as local circumstances warrant but no less frequently than annually to insure testing and adequacy of plans. 15. Two-Person Rule. NFIB/NFIC-9.1/47 establishes policy on this subject, which is quoted below for ready reference: "As a matter of policy, SCI Control Facilities (SCIFs) should be staffed with sufficient people to deter unauthorized copying or il- legal removal of SCI. SCIF designated communication centers, document control centers (registries), and like facilities that handle or store quantities of SCI must be manned while in operation by at least two appropriately indoctrinated persons in such proximity to one another as to provide mutual support in maintaining the integrity of the facil- ity and the material stored therein. The granting by an SOIC of excep- tions to this policy will be made a matter of record and should involve consideration of the proven reliability and maturity of the persons involved; the volume, variety and sensitivity of the holdings in the facility; and whether or not the persons involved are subject to peri- odic polygraph examinations as a condition of access. Exceptions for communications centers, document control centers, and the like, should be granted in only extraordinary circumstances. Routine work by a lone individual in any SCIF is to be avoided. Contractors will provide two person occupancy in all SCIFs not specifically exempted by the SOIC of the Government sponsor." When a SCIF is granted a waiver for long-term occupancy by a single person, the responsible official shall also establish procedures to ensure that periodic visual or oral checks are made to provide assur- ances on the well-being of the single occupant. Duress alarms and/or duress codes are considered valuable tools to assist in overcoming problems associated with long-term occupancy of a SCIF by a single person. TECHNICAL SECURITY 7 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release ORIFIDENRAL7B01034R000500180041-7 ' 16. Technical Surveillance Countermeasures. Responsible SOICs shall ensure that technical surveillance countermeasures surveys are con- ducted at their SCIFs at appropriate intervals. Briefings on technical penetration threats shall be provided to personnel manning SCIFs. 17. Compromising Emanations Control Security (TEMPEST). All equipment used to transmit, handle or process SCI electronically, including com- munications, word-processing and automated data processing equipment, must satisy the requirements of NCSC-4, "National Policy on Control of Compromising Emanations" and NACSIM 5203, "TEMPEST Guidelines for Facility Design and RED/BLACK Installations" (when published). Iden- tified compromising emanations must be contained within appropriate boundaries. Instrumented TEMPEST tests shall be conducted at appro- priate intervals to insure compliance with NCSC-4 or successor policy: 18. Automated Data Processing (ADP) Security. All ADP equipment used for processing, handling or storing SCI shall be operated and secured in compliance with DCID 1/16, "Security of Foreign Intelligence in Automated Data Processing Systems and Networks," or successor policy directive. SCI DOCUMENT CONTROL OFFICES/CENTERS AND SECURITY OFFICIALS 19. SCI Special Security Offices and/or Control Centers. SCI Special Security Offices and/or Control Centers, as appropriate, shall be established to serve as the focal point(s) for the receipt, control and accountability of SCI, and other SCI security functions for one or more SCIFs in the local area. The number of such offices and/or cen- ters shall be determined locally on the basis of practicality, number SCIFs to be serviced, organizations involved, and common sense. 20. SCI Special Security/Control Officers. Appropriately SCI-indoc- trinated Special Security Officers and/or SCI Control Officers (e.g., SS0s, TCOs and/or BC0s), and alternates thereto, shall be designated to operate each SCI Special Security Office and/or Control Center. Such officials shall normally have day-to-day SCI security cognizance over their offices/centers and subordinate SCIFs, if any, for that SCI authorized to be handled by organizations served by them. Responsible SOICs shall provide appropriate training in SCI security policy and procedures for their SCI special security/control officers and other SCI registry/security personnel. -SCI Special Security/Control Officers shall provide advice and assistance on SCI matters to their organiza- tions and other activities being supported consistent with specific responsibilities assigned by their SIOs. This may include one or more of the following: --Ensuring that SCI is properly accounted for, controlled, transmitted, destroyed, packaged, and safeguarded. --Giving advice and guidance on SCI classification matters, sanitization, downgrading, decompartmentation, and operational use. Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release 4ot4FIDEptitB01034R000500180041-7 --Ensuring that SCI is disseminated only to persons authorized access to the material involved and having an established need-to-know. --Conducting or otherwise managing required SCI personnel and physical security actions and procedures. --Investigating SCI security infractions and preparing reports and recommendations, as required. --Maintaining listings of available SCI electrical and hard- copy products, validating product requirements, and insur- ing dissemination to 'authorized users. --Conducting required supervision or interface with SCI tele-- communications centers, ADP facilities, and similar offices to insure SCI security. INFORMATION SECURITY 21. Standard Classification Marking Requirements. Apply standard security classification markings (to include classification authority and declassification markings) to SCI according to Executive Order 12356 or successor order and Executive Branch implementing directives. SCI shall always bear the notation "ORIGINATING AGENCY'S DETERMINATION REQUIRED (OADR)" in lieu of any specific date or event for declassifi- cation. 22. SCI Caveats, Codewords, and Designators. Mark SCI with the appli- cable SCI control system caveat at the bottom of all pages of hard copy documents, to include the front and back covers, if any. Mark other SCI documents as described elsewhere in this manual. If the material is to be controlled in only one SCI control system, use either of the following styles: "HANDLE VIA "HANDLE VIA (name of SCI control system) CHANNELS ONLY" (name of SCI control system) CONTROL CHANNELS" If the material is to be controlled in two or more SCI control systems, use the following style: "HANDLE VIA (names of SCI control systems) CONTROL CHANNELS JOINTLY" Mark material warranting SCI codeword or operational program desig- nator protection immediately following the security classification on all pages containing such information. 23. Dissemination Control Markings. When applicable to their in- formation content, mark SCI with the dissemination control markings in 9 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release taintrAtB01034R000500180041-7 the manner prescribed by DCID 1/7, "Control of Dissemination of Intel- ligence Information." 24. Portion Marking. Each copy of an SCI document (excluding raw in- telligence or working materials) that is transmitted outside the origi- nating agency or department shall, by marking or other means, indicate: (1) which portions are classified, with the applicable classification level, and which portions are not classified; and (2) which portions require SCI codewords, caveats, program designators, or DCID 1/7 con- trol markings. a. Abbreviations for classifications (i.e., "TS," "S," and "C," in descending order; "U" to designate unclassified items), authorized digraph or other recognized abbreviations for codewords and product indicators, authorized abbreviations for SCI control system caveats, and DCID 1/7 control marking short abbreviations shall be used to show the security protection requirements of portions. b. Alternatively, such as in the case of documents all of whose portions are of the same level of classification and control, a para- graph or statement on the document may be used to indicate the secu- rity protection requirements of document portions. Unless the useful- ness of the document would suffer thereby, titles of SCI documents shall be so worded as to avoid the need for compartmented control and to minimize or eliminate the need for classification. c. SOICs may grant waivers of the portion marking requirement for contractor generated SCI when deemed necessary to alleviate an extreme administrative and/or costly burden. Waivers shall not be considered for any permanently valuable records of the Government, or for any in- formation transmitted outside the contractor facility. Any informa- tion transmitted outside the facility, where it may be used as a source document in the derivative classification of other information, must be portion marked before its transmittal. Further, any document upon which the waiver is exercised shall be marked as follows: "WARNING--THIS DOCUMENT SHALL NOT BE USED AS A SOURCE FOR DERIVATIVE CLASSIFICATION" 25. Letters or Memoranda of Transmittal. a. Classified Transmittal Letters. Mark transmittal letters that contain classified information or SCI with the highest classification and all SCI codewords, caveats, or control markings in the letter it- self or any of its enclosures, with a notation such as the following: "REGRADE AS (classification, caveat/codeword, etc) WHEN SEPARATED FROM ENCLOSURE(S) AND UPON PHYSICAL REMOVAL OF INAPPROPRIATE SCI CAVEATS, CODEWORDS, AND CONTROL MARKINGS" In such cases, holders of the letter of transmittal letter must physi- cally remove the inappropriate markings when the letter of transmittal is separated from the enclosure(s). 10 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 prwrinrNTim Approved For Release C9NFIDENRALB01034R000500180041-7 b. Unclassified Transmittal Letters. If a transmittal letter is unclassified itself, but has one or more SCI enclosures, mark it with the highest classification of the enclosure(s) and a prominent notation such as the following: "CONTAINS (SI/TK/B) INFORMATION-- UNCLASSIFIED WHEN APPENDED SCI DOCUMENTS ARE REMOVED" In such cases, do not mark the letter of transmittal with the SCI code- words or caveats contained on the enclosure(s). 26. SCI Control Numbers. Originators shall assign a control number to any SCI documents intended for general distribution to other of- fices, agencies, or commands, when use of a number is considered a necessary adjunct to identification, control, or retrieval of the material. Blocks of control numbers will be assigned to SOICs by the CIA Compartmented Information Branch or other appropriate authority. Control numbers, at a minimum, shall be placed in the designated block on cover sheets and on the front cover (if any) and the title page (if any)--or, if no cover or title page, on the first page. a. Each control number shall consist of the identifying letters of the name of the applicable control system, a number selected on a "one up" basis from the block of numbers assigned to the control of- fice, and the last two digits of the current year. When a document contains SCI subject to two or more control systems, assign a control number according to the established precedence of SCI systems. For example, material containing BYE and TK or BYE and COMINT material would be assigned a BYE number. Material containing TK and COMINT would be assigned a TCS number. SOICs may prescribe special number- ing procedures for contractor-originated SCI. b. When a control number is used, also assign a copy number to individual documents (e.g., copy 1 of 3 copies). Show the copy number with the control number. Use a combination of digits and letters to show reproduced copies (i.e., copy 1A, copy 4C, etc) or identify the copies as "Series B," Series C," etc. 27. Specialized Media. Unless specifically excepted by the cognizant SOIC, labeling requirements for SCI in specialized media are as cited below. Material transmitted outside the originating agency shall be in accordance with the following: a. Automated Data Processing (ADP) Media. Each media item [e.g., demountable data and program storage media (magnetic tapes, disk packs, floppy disks, magnetic cassettes), card decks, punched paper tapes, and disk packs] containing SCI in recorded form shall be externally labeled to show its classification and applicable SCI control system caveats or codewords. Internal ADP media identification shall include header and trailer blocks giving all security markings (i.e., clas- sification; SCI system caveats, codewords, product indicators; and DCID 1/7 control markings, as applicable). 11 Approved For Release 2005/12/14 : CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release CONIMENITAtB01034R000500180041-7 b. Photographic Media. Photography in roll, flat or other form containing SCI shall be labeled with its classification and applicable SCI control system caveats or codewords. For film in roll form, a label giving the required data shall be placed on the end of the spool flange, on the side of the spool container, and on the container cover (if any), unless the container and its cover are transparent, in which case no label is needed on the container or its cover if the flange label is visible through the container. Roll film itself shall include head and tail sequences giving all security markings applicable to the contents. Positive film flats or slides shall bear individual internal markings providing the classification and all applicable SCI and other control markings. The frames of slides shall also be labeled with the classification and applicable SCI caveats and codewords (which may be abbreviated if necessary to fit in the space provided). c. Microform Media: (1) Microfiche. Each microfiche shall have a heading whose elements are readable without magnification and which provides the document title, classification, SCI control number, and, using standard abbreviations, applicable SCI caveats and codewords and DCID 1/7 con- trol markings. Individual microfiche shall be placed in colorcoded envelopes indicative of the SCI control system(s) applicable to the informational contents. (2) Microfilm. Each roll of microfilm shall contain classi- fication and control information at the beginning and end of the roll. This may be in abbreviated form. Boxes containing processed film on reels and film cartridges shall be labeled to show the document title (generic title if more than one document is on the film), the highest security classification of the contents, the SCI caveats and codewords applicable to the filmed information, and any DCID 1/7 control markings that may apply. d. Electrically Transmitted Traffic. SCI transmitted by accred- ited electrical or electronic means resulting in record copy material shall be marked at the top and bottom of each page (to include each segment of messages printed on perforated paper) with its security classification, and labeled to show all applicable SCI caveats, code- words and product designators, and any DCID 1/7 control markings that apply. These markings shall be clearly shown consistent with the design of the message format being used, except that the overall clas- sification and applicable SCI caveat or codeword(s) and product indi- cator(s), and DCID 1/7 control markings shall precede the text of the message. Paragraph 21 on downgrading data and paragraph 24 on portion marking shall be applied in the case of record SCI traffic. e. Files, Folders, or Groups of Documents. Files, folders or groups of documents shall be conspicuously marked to assure the protec- tion of all .SCI contained therein. Such material shall be marked on the file folder tab or other prominent location or affixed to an ap- propriate SCI cover sheet. 12 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release goNfiDENNAboi034R000500180041-7 28. Cover Sheets. When it is necessary to guard against unauthorized disclosure to persons not possessing appropriate SCI accesses, sepa- rate cover sheets shall be used. Cover sheets shall show, by color or other immediately recognizable format or legend, what SCI control sys- tem, or combination of systems, they apply to, and other applicable markings. 29. SCI Accountability and Control Procedures. Each SCIF shall main- tain systems of accountability sufficient to provide for the security of SCI disseminated, received or retained by its activity, and to as- sist in the investigation of compromises of SCI documents. a. Records: 4 (1) Records for Incoming SCI. Except as provided in b below, a record shall be kept of all SCI documents received by a SCIF for at least 6 months after receipt of the material. Records shall identify the material by control and copy number (if used), originator, a brief description of the material, and the identity of office(s) within the SCIF that received the material. This will normally be satisfied by keeping copies of receipts or other records that provide necessary identifying data. For electrically received record traffic, this requirement may be fulfilled through retention of standard telecom- munications center records for at least 6 months. Subsequent to this process, no further accountability records or administrative controls (e.g., internal receipting among activities in the same SCIF, access records, destruction certificates) are necessary for SCI security purposes while SCI documents are main- tained in or accountable to a receiving SCIF. (2) Outgoing SCI. Except as provided in b below, a receipt shall be retained and a record kept for all SCI physically dispatched from the SCIF for the preceding 2 year period. Receipts shall identify the material by control and copy number (if used), originator, contain a brief description of the material, and identify the recipient. For Confidential COMINT-related material, this requirement may be ful- filled through the required ARFCOS pouch or package receipt or by other appropriate dissemination records kept by the sender. b. Raw Intelligence Data. Accountability records are not required for raw intelligence data that are transmitted from a collection point or facility to a processing facility or are being processed into a form suitable for analytical use, provided such data remains under the control of a single Intelligence Community organization, is transmitted only by means authorized herein for SCI, and is accessible only to per- sonnel meeting standards for, and granted access to, the SCI programs or control systems involved in the data. c. Working Material. Accountability records are not required for SCI working materials used exclusively within a SCIF. Examples include preliminary drafts of papers, film chips in analysts' reference files, copies of electrically transmitted messages, records of analyst-to- 13 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release ORWIDENRAIZB01034R000500180041-7 analyst transmissions, data base inquiries, and waste materials such as carbon paper and stenographic notes. However, such materials must be safeguarded according to the handling, storage and disposition requirements for SCI documents. 30. Temporary Release of SCI Outside a SCIF. When operational needs require SCI to be released for processing or temporary use by SCI-in- doctrinated persons in non-SCI accredited areas, such release shall only be accomplished with the consent and under the supervision of the responsible SCI security/control officer. The responsible officer shall obtain signed receipts for SCI released in this manner and shall ensure that conditions of use of the released material will provide adequate security until the SCI is returned to a SCIF. 31. Audits and Inventories. SOICs shall arrange for the conduct, by SCI security/control officers, of such periodic reviews of SCI held by organizations under their cognizance as will ensure that proper ac- countability is being maintained and that SCI is destroyed when no Longer needed. SOICs and SCI Program Managers may require the inven- tory of specified SCI within activities under their cognizance. 32. Reproduction. Reproduction of SCI documents shall be kept to a minimum consistent with operational necessity. Copies of documents are subject to the same control, accountability, and destruction pro- cedures as are the originals. Stated prohibitions against reproduction shall be honored. Equipment used for SCI reproduction shall be thor- oughly inspected and sanitized before being removed from a SCIF. 33. Transmission. SCI may be transmitted from one SCIF to another in a manner which ensures that it is properly protected. a. Courier Procedures. SCI may be carried from one SCIF to an- other by two couriers approved for this purpose, by diplomatic pouch, or by the Armed Forces Courier Service (ARFCOS). Courier procedures shall ensure that SCI materials are adequately protected (to the extent possible) against the possibility of hijacking, loss, exposure to un- authorized persons, or other forms of compromise. SCI couriers must be active-duty military or US Government civilian employees meeting DCID 1/14 standards who are specifically designated for that purpose. Contractors and consultants are pro- hibited from couriering SCI unless they have been specifically approved for such duty for a particular period by the responsible SOIC. SCI may be carried by a single officially designated courier within US Government or military installations or between SCIFs in the Washington, DC, metropolitan area. Additionally, the responsible SOIC may waive the two-courier requirement in other areas, as appropriate. Material carried by a single courier shall be transported in a securely Locked briefcase or sealed pouch marked "TO BE RETURNED UNOPENED TO (name of appropriate organization and telephone number which will be manned at all times ." No inner wrapper or container is required under these circumstances. 14 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release coiNfinRimpoi 034R00050Q180041-7 b. Wrapping Procedures. SCI shall be enclosed for couriering in two opaque envelopes or be otherwise suitably double-wrapped using canvas bags, cartons, leather or plastic pouches, or similar con- tainers (see' a above for exception). Outer containers shall be secured with tape, lead seals, tumbler padlocks, or other means which would reasonably protect against surreptitious access. The inner and outer containers shall be annotated to show the package number and addresses of the sending and receiving SCIF. The notation "TO BE OPENED BY THE (appropriate SCI Special Security/Control Officer) " shall be placed above the pouch address of the receiving SCIF on both con- tainers. The inner wrapper shall contain the document receipt and the name of the person or activity for whom the material i's intended. The applicable security classification and legend "CONTAINS SENSITIVE COMPARTMENTED INFORMATION" shall appear on each side of the inner wrapper only. c. Electrical Transmissions. Senders of SCI transmitted electri- cally or electronically (to include facsimile, computer, secure voice or any other means of telecommunication) must ensure that such trans- missions are made only to authorized recipients. Receivers must pro- vide proper protection for SCI so received. Electrical transmission of SCI shall be limited to specifically designated and accredited communications circuits secured by an NSA-approved cryptographic system and/or protected distribution systems. The construction and protection of SCI telecommunications facilities shall be as prescribed in NFIB/ NFIC-9.1/47 and the effective edition of KAG-1 and superseding NACSI 4000-series publications. 34. Destruction of SCI. SCI shall be retained for the time periods specified in records control schedules approved by the Archivist of the United States (44 U.S.0 33 and FPMR 101-11.4). Duplicate infor- mation and other non-record copies of SCI documents shall be destroyed as soon as possible after their purpose has been served. Destruction shall be accomplished in a manner that will preclude reconstruction in intelligible form. Only those methods (e.g., burning, pulping, shred- ding, pulverizing, melting, or chemical decomposition, depending on the type of materials to be destroyed) specifically authorized by the responsible SOIC may be used. Destruction shall be supervised and witnessed by at least two SCI-indoctrinated persons. SCI in computer or automated data processing systems or other magnetic media shall be "destroyed" through erasure by approved degaussing equipment or by executing sanitization procedures specified in the DCI's "Intelligence Community Policy for the Release of Magnetic Storage Media," 13 March 1974. RELEASE OF SCI TO CONTRACTORS/CONSULTANTS 35. Policy. Basic DCI policy on release of foreign intelligence to contractors and consultants (hereafter referred to as contractors) is contained in the attachment to DCID 1/7, "DCI Policy on Release of Intelligence Information to Contractors and Consultants." SCI may be released by SOICs or their designated representatives to US Government 15 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 NINFMENTIAL Approved For Release NNW ERTFIAL Bo 034R000500180041-7 contractors according to the following. SOICs may impose more strin- gent requirements. a. The release, control, handling, accountability, and destruction of SCI shall be accomplished pursuant to the provisions of the attach- ment to DCID 1/7 and this manual. b. The permission of the originator of the information to be released shall be secured. (This permission may be granted in the form of lateral agreements between departments and agencies.) c. The sponsoring agency or department shall prescribe as part of the contractual arrangement the minimum security requirements for safe- guarding SCI according to this Directive. This may include a require- ment that the contractor or consultant establish and maintain SCIF(s). All activities involving SCI (including discussions) shall be con- ducted in a SCIF. d. SOICs of the sponsoring agency or department or their desig- nated security representative shall perform or have performed a secu- rity survey at the contractor or consultant SCIF prior to release of SCI. The purpose of the survey is to determine that the SCIF and security procedures established by the contractor or consultant are adequate for the protection of SCI. Thereafter, periodic security inspections to ensure continuous compliance with SCI security require- ments shall be conducted. e. Decisions on selections of contractors for prospective release must take into account the potential recipients' past record in prop- erly safeguarding classified material. f. SCIFs established in industry must be closely monitored by the sponsoring SOIC to ensure that SCI security procedures are followed and that SCI documents are properly segregated from other materials held by the contractor. When two or more organizations release SCI to a given contractor, the organizations involved shall agree on matters of joint SCI security responsibilities. 36. Foreign Ownership/Dominance. Contractor companies under foreign ownership, control or influence shall generally be ineligible for access to SCI activities and information. Foreign ownership, control or influence in this instance means that foreign interests own five percent or more of a contractor's voting stock, or they are able through lesser holdings to control or influence the appointment and tenure of the contractor's managing officials. The responsible SOIC may waive this provision, however, if a review of the circumstances determines that the following conditions apply: the foreign ownership, control or influence does not involve Communist countries or countries otherwise inimical to the United States, and the foreign interests do not have the right to control or influence the appointment or tenure of a contractor's managing officials. Before a waiver is granted, provision must be made to ensure that security safeguards exist to 16 Approved For Releaseddrifittor..034R000500180041-7 Approved For Release coiNFIDENTAB01034R000506180041-7 Should foreign ownership increase beyond five percent during the course of a contract, a review of the contractor's eligibility for continued access shall be made by the responsible SOIC. LEGISLATIVE BRANCH ACCESS TO SCI 37. Policy: a. As an underlying principle, access to intelligence information shall be consistent with the protection of intelligence sources and methods. Normally, Congressional requests for intelligence informa- tion can be satisfied at the collateral (i.e., non-SCI) level, but, in certain instances, there may be a need for access to SCI. In these instances, every effort shall be made to exclude, to the extent pos- sible, data on intelligence sources and methods. b. Members of Congress may be provided access to SCI on a need-to -know basis without a security investigation or adjudication. Heads of organizations within the Intelligence Community or program managers providing SCI shall provide briefings on the sensitivity and vulner- ability of the information, and the sources and methods involved, as required to ensure proper protection. c. Access to SCI by staff members of the Senate Select Committee on Intelligence (SSCI) and the House Permanent Select Committee on Intelligence (HPSCI) are governed by Memoranda of Understanding (MOU) executed by the Chairmen of these Committees and the DCI. Provision of information and materials to these Committees shall be in accordance with mutually agreed upon existing arrangements with the Committees. d. Requests for SCI access approvals for other Legislative Branch personnel shall be referred to the Chief of Legislative Liaison for DCI approval. Requests must be in writing by committee or subcommittee chairmen and clearly describe the nominee's need-to-know. Issues arising with regard to particular requests shall be referred to the DCI for resolution. Unless otherwise authorized by the DCI, approval for SCI access for Legislative Branch staff personnel shall be limited to: (1) Permanent staff personnel of appropriate Congressional committees and subcommittees. (2) Selected employees of the General Accounting Office and the Library of Congress. (3) Selected members of the staffs of the Leadership of the House and Senate, as agreed by the DCI and the Leadership. 38. Verification Requirement. The DCI's Chief of Legislative Liaison will verify, on behalf of the DCI, the need of persons in the Legisla- tive Branch, other than members of Congress, for SCI access. Verifi- cations shall be based on such persons' job responsibilities in the following areas: 17 Approved For Release 2005/12/14: CIA-RD_P_87B01034R000500180041-7 CONFIDENTIAL Approved For Release CONFIDENRALB01034R000500180041-7 a. Direct involvement in authorization legislation pertaining to Intelligence Community organizations. b. Direct involvement in appropriations legislation for Intelli- gence Community organizations. c. Direct involvement in reviews authorized by law of activities of Intelligence Community organizations. d. Direct involvement in other legislative matters which, of necessity, require direct SCI access. 39. Access Approval Procedures: a. SCI access approvals may be granted to staff personnel in the - Legislative Branch, described above, who possess a Top Secret collat- eral clearance and who meet the investigative standards set forth in DCID 1/14. Requests for exceptions to this policy shall be referred to the DCI's Chief of Legislative Liaison. The requester of the SCI access approval is responsible for assuring the conduct of an appropri- ate investigation. Reports of investigation shall be reviewed by the CIA Director of Security to assure uniform application of DCID 1/14 security criteria. The granting of access approvals shall be coordi- nated with the appropriate program managers, as agreed by the DCI. b. Staff personnel in the Legislative Branch receiving SCI access approvals shall be provided appropriate security briefings by the CIA Special Security Center and shall sign NdAs before receiving SCI ac- cess. SCI access approvals shall be recorded in the 4C system (para- graph 8). Copies of NdAs shall be provided to program managers who request them. c. The DCI's Chief of Legislative Liaison shall be notified promptly of employee job changes or terminations to ensure updating of the 4C system and appropriate debriefing of the employee. SCI access approvals of Legislative Branch employees must be withdrawn or revali- dated if an employee leaves the specific position for which access was authorized. d. SCI shall be made available to committee and subcommittee members only through or under the authority of the chairman of the Congressional committee or subcommittee concerned. 40. Handling and Storage of SCI: a. Any Intelligence Community organization that provides SCI to Congress shall ensure that the handling and storage of such information conforms to the requirements in NFIB/NFIC-9.1/47 (see paragraph 12) or successor policy statements. SCIFs shall be accredited by the CIA Special Security Center. Where adequate provisions cannot be made for the handling and storage of SCI, no such information may be provided without the approval of the DCI. 18 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release 0 F/11DENTFII471301034R000500180041-7 b. Any Intelligence Community organization that provides testimony or briefings involving SCI to persons in the Legislative Branch shall do so according to the following security measures; (1) A thorough physical security and audio countermeasures inspection of the room where testimony or briefing will occur must be conducted immediately before the presentation, unless the premises are maintained in a secure status. Audio countermeasures surveillance of the premises should also be maintained during the presentation. (2) All persons present, other than elected officials, in- cluding transcribers and other clerical personnel, must be certified for the SCI 'access being discussed. Arrangements shall be made to monitor entrances to the room where the presentation will be given to exclude unauthorized persons. (3) All transcriptions or notes that result from briefings or testimony must be handled and stored according to the SCI security requirements as specified in a, above. (4) The room in which a presentation is given must be in- spected after the presentation to ensure that all SCI is properly secured. (5) Any Intelligence Community organization that provides SCI to a Congressional committee, other than a committee routinely involved in the oversight and appropriations processes of Intelligence Community organizations, shall endeavor to provide such information through the SSCI or HPSCI, as appropriate. The SSCI and HPSCI both have facilities that meet the NFIB/NFIC-9.1/47 requirements and personnel trained in SCI handling procedures. The Committee requesting the information shall contact the HPSCI or SSCI and obtain their permission to use their facilities prior to the transmittal of the information. Where possible, custody of such information shall remain with the Intelli- gence Community organization concerned. Where such information must be physically transferred, efforts shall be made beforehand to elimi- nate or minimize the risk of exposure of SCI sources and methods. 41. Marking SCI Released to Congress. SCI being prepared for release to Members of Congress and Congressional committees shall be marked with all applicable classifications; SCI caveats, codewords, project indicators; and DCID 1/7 control markings. The term "SENSITIVE" may not be used instead of, or in addition to, SCI markings. Releasing agencies shall ensure, through their legislative offices or comparable elements, that Congressional committee staff employees, and employees of the Library of Congress and the General Accounting Office, have clearances and SCI access authorizations appropriate for receipt of the material involved. Releasing agencies also shall ensure that SCI being provided Legislative Branch components is stored in accredited SCIFs. 19 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release 005NFIDENNAIZB01034R000500180041-7 JUDICIAL BRANCH ACCESS TO SCI 42. Policy. The Department of Justice (DOJ) Security Officer has been given the responsibility for the care, custody and control of SCI material involved in any criminal case, pursuant to the Classified Information Procedures Act of 1980 (CIPA] [Public Law 96-456. 94 Stat. 2025 18 USC Appendix 4] and the "Security Procedures Established Pursuant to Public Law 96-456. 94 Stat. 2025 18 USC Appendix 4, By The Chief Justice of the United States For The Protection of Classified Information," dated 12 February 1981. These security procedures were developed in consultation with the Attorney General, the Director of Central Intelligence, and the Secretary of Defense. The following policy taken from the "Security Procedures" is provided as general guidance when Judicial Branch access to SCI is required. a. An SCI access authorization for federally appointed judges and justices is not required. If desired, however, an SCI authorization can be granted and a formal briefing presented to the requesting judge /justice through coordination with the DOJ Security Officer. b. Magistrates, immigration commissioners, administrative law judges, hearing commissioners, and other such court officials, who are not appointed by the Federal Government, or who have not been subjects of background investigations as part of the appointment process, must obtain SCI access authorization. c. All other court, government, or support personnel (law clerks, attorneys, US Marshals, courtroom clerks, court reporters, administra- tive officers, secretaries, etc.), who have a validated need-to-know, must obtain SCI access authorization. d. The Government may obtain, consistent with the CIPA and its "Security Procedures," as much information as possible in its attempt to make an adjudication pursuant to DCID 1/14, for those individuals acting for the defense. e. There is no requirement for investigation or SCI access author- ization for members of the jury. f. A Court Security Officer (CSO) shall be appointed by the Court from recommendations submitted by the DOJ Security Officer and with the concurrence of the head of any Intelligence Community entity (or his/her designee) from which the case-related SCI originates. The CSO is responsible for ensuring compliance with the CIPA and all other applicable directives and regulations concerning the safeguarding of SCI; and, for providing SCI security support, as needed, for all per- sons involved in the particular case. 43. SCI Access Verification. Requirements for SCI access shall be provided to the CSO who shall notify the DOJ Security Officer. The DOJ Security Officer shall coordinate requirements with agencies/program managers involved. 20 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release 1OONE/110PlifF1L4LB01034R000500180041-7 44. SCI Access Eligibility Determination Procedures. SCI access will be authorized by the DOJ Security Officer, who is responsible for adjudicating the results of investigations required by DCID 1/14. a. The Court, and other appropriate officials, shall be notified in writing by the DOJ Security Officer of SCI access approvals. b. SCI briefings shall be provided by DOJ Special Security Center (SSC) personnel, or by an appropriately indoctrinated representative of the agency which originated the SCI, in coordination with the DOJ SSC. ? 45. Handling and Storage of SCI. Matters pertaining to the handling, storage and disposition of SCI shall be coordinated with the CSO who is responsible for ensuring that proper safeguarding procedures are estab- lished and that adequate storage is provided for SCI pursuant to the CIPA Security Procedures and this manual. These matters shall be coor- dinated with the U.S. Intelligence Community entities originating the SCI case material. 46. Additional Details. Additional details/information may be found in the CIPA and/or the "Security Procedures," which may be obtained from the DOJ SSC. Any question concerning the interpretation of any security requirement contained in the CIPA security procedures shall be resolved by the Court in consultation with the DOJ Security Offi- cer and the appropriate Executive Branch agency security representa- tive. SCI SECURITY VIOLATIONS/COMPROMISES 47. Individual Responsibilities. All possible security violations or compromises involving SCI shall be immediately reported to the applica- ble SCI Security/Control Officer. Immediate action shall be taken to maintain the physical security of SCI documents discovered in an in- secure environment until such material can be restored to SCI control. SOICs shall ensure that persons under their cognizance are advised and are periodically reminded of these responsibilities. 48. Investigations. SOICs shall establish procedures within their organizations to ensure that all reported actual or potential security violations or compromises occurring in areas subject to their juris- diction are properly investigated to determine if there is a reasonable likelihood that a compromise may have occurred. a. If so, the cognizant SOIC, or other authority designated by the SOIC, shall immediately report the incident to the appropriate Intelligence Community Program Manager. An investigation shall be conducted to identify full details on the violation/compromise, and to determine what specific information was involved, what damage resulted, and whether culpability was involved in the incident. b. If the case involves an inadvertent disclosure, the SCI Secu- rity/Control Officer is expected to exercise his or her best judgment 21 Approved For ReleaseCUNrinEM7B01034R000500180041-7 Approved For Release 00iNFIDE4RAIIB01034R000500180041-7 as to whether the interests of SCI security are well served by seeking written agreements from unindoctrinated persons to whom SCI has been inadvertently disclosed. If the judgment is that those interests are so served, the person(s) involved signs an inadvertent disclosure agreement; and if the responsible SCI Security/Control Officer has reason to believe that the person(s) will maintain absotute secrecy over the SCI involved, the report of investigation may conclude that no compromise occurred. c. The farm of inadvertent disclosure agreement may be developed by SOICs, but shall, in all cases, be structured so that it conveys no classified information itself, emphasizes that there is no time limit on the need to safeguard the disclosed data, reminds the signer of the provisions of the Espionage Statutes, and commits the signer to cer- tifying his or her understanding of the situation and to affirming that he or she will never, without proper authority, disclose or dis- cuss the information with any other person. d. When investigations show that SCI was inadvertently disclosed to foreign nationals, or that cases under investigation involve damage deemed significant by the cognizant SOIC, espionage, flagrant derelic- tion of security duties, or serious inadequacy of security policies and procedures, summaries of the investigations and of related actions shall be provided to the DCI by the responsible SOIC. The DCI Security Committee is the preferred channel for such reporting. 49. Corrective Action. Investigating officers shall advise cognizant SOICs and SIOs of weaknesses in security programs and recommend correc- tive action(s). SOICs are responsible for ensuring that appropriate corrective action is taken in all cases of actual security violations and compromises. Administrative sanctions imposed in cases of demon- strated culpability shall be recorded in security files of the respon- sible SOIC. Security deficiencies identified by investigation to have contributed directly to the incident shall be corrected if it is within the capability of the SOIC concerned; if not, full details and recom- mendations on corrective measures shall be provided to the DCI through the DCI Security Committee. INSPECTIONS 50. Policy. Periodic inspections of SCIFs by the responsible SOIC are mandatory. Inspections shall be performed by persons knowledgeable of SCI storage, control and protection procedures, and shall be designed to ensure that procedures and safeguards comply with the requirements of NFIB/NFIC-9.1/47, this manual, and other applicable directives. Inspection reports shall be retained in the files of the accrediting organization. Intelligence Community organization inspection reports of joint SCIFs may be accepted by any other organization which uses the SCIF as valid findings of the degree of compliance with applicable security standards.. Inspection reports shall identify any deficiencies found and the status of actions taken to correct them. 22 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 CONFIDENTIAL Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 c644, 417-2411441 --- gel ,i,;..p.414eae-t-41 a,a,11.4010a5- Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7 Approved For Release 2005/12/14: CIA-RDP87601034R000500180041-7