Library of FAQs
Safeguards and security (S&S) policies
and systems provide a formal, organized process
to establish the roles and responsibilities
for the U.S. Department of Energy (DOE) S&S
Program. This process facilitates planning,
performing, assessing, and improving the secure
conduct of work and protection of important
DOE assets in accordance with risk-based protection
strategies. Specific requirements for each of
the key elements are contained in their respective
programmatic Manuals. The requirements are based
on national level policy promulgated in laws,
regulations, Executive orders, and Presidential
directives and are designed to prevent unacceptable
impacts on national security, the health and
safety of DOE and contractor employees, the
public, or the environment.
The following frequently asked questions (FAQs)
are organized by the topical areas and offer
answers to recurring questions or policy clarification
requests. All FAQs can be viewed by scrolling
through the whole document or viewed by clicking
on the following topical areas:
Program Planning
and Management: S&S program
planning and management is integrated with
other programs such as physical protection,
protective force (PF), information security,
personnel security, and nuclear material
control & accountability (MC&A).
The following FAQs will help in better understanding
some of the common topics within program
planning and management.
Q: I've heard that the Program Planning
and Management Manual (DOE M 470.4-1) is
being revised. Who is working on that revision
and when will the new version be available
for review?
A: HSS has initiated a major zero based
policy review effort to examine the content
and format of the core safeguards and security
directives in the 470.4 series. As part
of that effort, the Program Planning and
Management Manual is undergoing a comprehensive
review by three working groups consisting
of subject matter experts from throughout
the DOE complex. Because of the complexity
of this Manual, each group is looking at
a single topical area.
-
The Program Planning
group has been assigned to evaluate policies
pertaining to such topics as safeguards
and security program planning, site safeguards
and security plans, resource planning,
and vulnerability assessments.
-
The Implementation group has been evaluating
topics related to FOCI determinations,
facility clearances, safeguards and
security training, security awareness
programs, and control of classified
visits.
-
The Evaluation and Feedback
group is working on topics including performance
assurance, surveys and self-assessments,
and incidents of security concern.
When all of the groups have finished their
reviews and initial drafts of their topical
areas, the drafts will be combined and reviewed
by an implementation focused "red team."
A review of the approach DOE uses for safeguards and security planning,
which began in late 2007, delayed the final draft and review of the by the "red team".
It is anticipated that the new planning document will be accepted in early July
and work on the Manual will resume in mid-summer.
Q: Several DOE 470.4 series Manuals
use the term "Departmental element."
What does that term mean?
A: The term "Departmental Element"
is a common-use term from the DOE directives
system. DOE M 251.1-1B, Departmental
Directives Program Manual defines Departmental
Element: "First-tier organizations
reporting directly to the Secretary, Deputy
Secretary, or Under Secretaries. The National
Nuclear Security Administration is a Departmental
element. First-tier organizations at Headquarters
include the Secretary, Deputy Secretary,
Under Secretaries, and Secretarial Officers
(Assistant Secretaries and staff Office
Directors). First-tier organizations include
managers of the field offices and Administrators
of the Power Marketing Administrations."
The latest list of Departmental Elements
can be found at: http://www.directives.doe.gov/pdfs/reftools/org-list.pdf.
Q: Are there any resources available
within DOE for people involved in developing
and managing a security awareness program
as required in DOE M 470.4-1?
A: Yes. The National Training Center (NTC)
offers a four and one-half day introductory
course, Safeguards and Security Awareness
Coordinators' Training, for individuals
who are involved in developing, implementing,
and maintaining security awareness programs.
More information on the course is available
on the NTC website at http://www.ntc.doe.gov/ntc/docs/NTCCourseCatalog_Final.pdf.
The Security Awareness Special Interest
Group (SASIG) is an active networking group
of Federal and contractor personnel involved
with safeguards and security awareness programs.
The members of SASIG work to promote safeguards
and security awareness within the DOE, assist
sites and facilities in carrying out the
security awareness program requirements
and share security awareness resources.
Membership is open to anyone with a work-related
interest in promoting security awareness,
and there is no membership fee. More information
about SASIG, including how to join the group,
is available on the SASIG website at http://www.orau.gov/sasig/.
Q: What is expected of an organization
which assumes security cognizance for another
site? Are there specific duties and services
that the organization with security cognizance
has to provide?
A: An organization which is listed as the
cognizant security authority for another
location is expected to be able to perform
specific security functions on behalf of
the client location. Those security duties
and services include but may not be limited
to surveys to determine security requirements,
review and storage of safeguards and security
plans and other documents, oversight activities,
FOCI considerations, registration of a facility
clearance, personnel security clearance
activities, and SSIMS entries. In accordance
with DOE M 470.4-1 and the requirements
of the NISPOM, the security authority must
possess a facility security clearance at
the same level or higher as an office over
which it exercises responsibility. This
means that the cognizant security organization
must be surveyed and registered in SSIMS,
and must set up a limited area and classified
processing capabilities. The organization
must meet the requirements and be capable
of undertaking the security activities itself;
there is no provision for establishing a
Memorandum of Agreement or other vehicle
as a "paper" designation to allow
the security activities to be performed
by another organization on behalf of the
organization with security cognizance.
Q: Some forms that DOE uses in connection
with various activities (such as the Visit
Request form and the Security Acknowledgement
and Termination Statements) are really outdated.
Are there any plans to revise these forms
and bring them up to date?
A: As the zero-based policy review proceeds,
some review of the forms used in connection
with specific activities is being conducted.
The Security Acknowledgment and Terminations
Statements, which are used primarily in
connection with the DOE personnel security
program but which also have security awareness
applications, are currently being revised
to reflect changes to the DOE personnel
security program (new drug testing requirements,
revised personnel security and foreign travel
reporting requirements), and to reflect
current requirements pertaining to prepublication
review of materials prepared by individuals
who hold or previously held a DOE security
clearance. Since questions have been raised
concerning the Visit Request form, used
in the classified visits program, we will
review this form and update it as necessary.
Questions pertaining to other forms which
are referenced in the security directives
may be addressed to HS-71.
Q: I have a question regarding the Outside
Director (OD) for a company under a Security
Control Agreement. Can the OD do consultant
work for one of the foreign owners after
he has been approved by the Office of Security?
DOE M 470.4-1 Part 2, Section H, Chapter
IV, FOCI Mitigation Action Plans, 3.,c.,(2)
Security Control Agreement, (b) 1: "Appointment
of one or more outside directors who must
meet the eligibility requirements set forth
in paragraph 3.b(1)(b), above. This reference
reads: "Be completely disinterested
individuals with no prior involvement with
the cleared U. S. organization, its foreign-owned
tier parent(s), or any of its foreign-owned
affiliate(s). This reference, as stated,
applies to "before" approval,
but, what about after approval? Is this
a conflict of interest? We have been told
that one of our ODs has been doing consulting
work for one of the parents in his company.
A: Based on the situation you've described,
it appears there may be a conflict of interest
here. As you have stated above, the Manual
requires that when setting up the Security
Control Agreement one of the stipulations
for the Outside Director (OD) is that he/she
must, "Be completely disinterested
individuals with no prior involvement with
the cleared U.S. organization, its foreign-owned
tier parent(s), or any of its foreign-owned
affiliate(s)." If the OD is getting
paid to do work for a foreign parent, he/she
is no longer a "completely disinterested
individual." I think the term completely
disinterested is the key to the requirement.
"No prior involvement" is one
characteristic of being completely disinterested.
However, I don't believe it is the sole
characteristic. The key to being disinterested
is that the person must be unbiased by personal
interest. If the OD is hired by the foreign
parent, he/she is no longer disinterested.
Q: What is meant by the term
cognizant security authority used in the
DOE 470.4 series? Can this authority be
further delegated? Does this need to be
a formal appointment?
A: As used in the Manuals in this series, the term Cognizant
security authority refers to DOE and NNSA
Federal and contractor employees who have
been granted the authority to commit security
resources or direct the allocation of security
personnel or approve security implementation
plans and procedures in the accomplishment
of specific work activities. "DOE
cognizant security authority" is used
when intended to apply specifically to a
Federal authority. When specifically requiring
a contractor to fulfill the role, the phrase
"contractor cognizant security authority"
is used, and when neither DOE nor contractor
is specified, the authority may be assigned
to either. Further delegation is typically
acceptable by definition (Federal/Contractor
constraints maintained) since DOE and contractor
line management designate their cognizant
security authorities. Any exceptions to
this will be specified in the corresponding
sections of the manuals. Likewise formal
appointment is not required, although delegations of authority must
be documented in the appropriate safeguards and security management plan.
Whether the cognizant security authority role can be
delegated or requires formal appointment
for any particular action is determined
on a Program/site-specific basis according
to applicable contracts, directives, and/or
security plans. Under DOE O 470.4A, the Under Secretary for Science, the
Under Secretary for Energy, and the Associate Administrator for Defense
Nuclear Security are designated as the DOE cognizant security authorities
for their organizations and may delegate this authority as necessary to
carry out the associated responsibilities.
Q: Why does the Office of Security Policy
(HS-70), Office of Health, Safety and Security,
need a copy of our approved S&S deviations?
A: HS-70 is responsible for establishing
the requirements and responsibilities found
in S&S directives, including the requirements
for the deviations process. HS-70 must be
aware of deviations from these provisions
for the following reasons: 1) to assure
that the deviations process is being implemented
correctly; e.g., that a deviation is not
labeled a "variance" because of
its easier requirements, when, in fact,
it is a waiver or an exception; 2) to assure
that the provision is one from which a deviation
is allowed; e.g., that it is not a statutory,
regulatory, Executive order, or Presidential
directive requirement from which no deviation
is allowed without further process; and
3) to evaluate the portion of the directive
from which a deviation is requested to determine
if the directive needs to be revised or
canceled.
Q: Former policy addressed recurring
classified visits by local FBI personnel;
however, current policy does not. Why was
this language removed? Can we establish
local procedures to allow such recurring
classified visits?
A: Current policy for the Classified Visits
provisions is found in DOE M 470.4-1,
Section L. Under this section "continuing
visitor access approval" is now required
when it is known that an individual's classified
visits will be frequent. DOE M 470.4-1,
Section L, paragraph 2.a.(3) reads: "Line
management must establish local procedures
for the control of classified visits. Procedures
must ensure... (3) Continuing visitor access
approval is necessary for individuals who
frequently visit DOE facilities. However,
the locally approved access approval cannot
exceed a period of 1 year or the final day
of a contract, whichever is less. The approval
may be renewed annually (at least every
12 months)." This provision would apply to recurring visits by local FBI personnel.
Q: Can local implementation be more
restrictive than DOE S&S policy?
A: The S&S directives establish
the minimum requirements. Local implementation
may be more restrictive, but any action
beyond what is required may have to be justified
by a cost/benefit analysis to satisfy financial
requirements.
Q: Can a DOE Site/Office receive a
deviation from an Executive Order or a regulation?
A: If there is a process for deviating
from the requirements of a higher directive,
that process must be followed. The deviations
process in DOE M 470.4-1 covers only deviations
from a DOE S&S policy requirement. When
the S&S requirement is also an Executive
or regulatory requirement from which a deviation
is not authorized, the DOE M 470.4-1 process
can be used in a limited manner only. A
deviation may be considered from a DOE-originated
requirement that is intended to implement
a general requirement of a national-level
directive, so long as the modified implementation
achieves the full implementation of the
national-level requirement. A deviation
from an Executive or regulatory requirement
can only be considered under the specific
processes, if any, included in the Executive
or regulatory language
Q. When the Office of Health, Safety
and Security was established, the Office
of Security no longer existed organizationally.
Who should I contact to complete actions
required in the DOE 470.4 directive series
since there is no longer a position identified
as the Director of Security?
A: The Office of Security Directors'
responsibilities, with the establishment
of the Office of Health, Safety and Security,
fall under the Chief Health, Safety and
Security Officer, Glenn S. Podonsky and
the Deputy Chief for Operations, Michael
A. Kilpatrick.
Q: If there is a change in policy, will
official documentation be sent through the
proper channels and forwarded to all NNSA
and DOE sites?
A: Any changes to DOE S&S policy
will be made through the DOE Directives
System, which is established by DOE P 251.1A,
Departmental Directives Program Policy,
DOE O 251.1, Departmental Directives Program,
and DOE M 251.1-1B, Departmental Directives
Program Manual. Notifications can be received
when actions are taken on DOE directives
of interest by signing up for E-Mail Notification
in the middle of the Directives Home Page.
The web address is http://directives.doe.gov/alertmain.html.
You may also want to let your Directives
Point of Contact (DPC) know of your interest
in particular directives. The DPC list is
found on the Directives Home Page under
"References" (bottom of the left
side). The web address is http://www.directives.doe.gov/pdfs/doegeninfo/final/dpclist.pdf.
NNSA has statutory authority to establish
NNSA-specific policy (including changes
to DOE policy), unless disapproved by the
Secretary. If you have questions concerning
the process for changes in policy by NNSA,
you may wish to contact NNSA. NNSA Policy
Letter (NAP)-1 describes the process, and
it is available on the NNSA website http://hq.na.gov/default.aspx?L=ITEM&ITEM=2375&CA=30&OT=86&PI=2317.
Return
to Top of Page
Physical
Protection: Questions involving
DOE M 470.4-2 have arisen both the revised
directives resulting from the streamlining
initiative of August 2005 and the changes
associated with elite force that were published
in March 2006. Several of the questions
of most general interest are provided below.
Q: Must I install high security padlocks
on gates providing access to public and
property protection areas?
A: No, high security padlocks are not required;
but, DOE M 470.4-2, provides security criteria
for Level III security locks and keys that
are required for use on gates in fences,
cargo containers and storage areas for the
protection of Government property.
Q: Where can I find information about
the Levels of federally approved locks and
keys?
A: Federal specifications, appropriate for
high security locks and keys securing public
and property protection areas, are available
at the Department of Defense Lock Program
Technical Support organization. They provide
information to DOE on security hardware
and are available by accessing their web
site at https://portal.navfac.navy.mil/go/locks
or by calling (800) 290-7607 or (805) 982-1212.
Q: Is there an inventory requirement
for Level IV locks and keys?
A: No. There are no DOE requirements to
inventory Level IV locks and keys. However,
a locally developed procedure addressing
the issue, turn-in, loss, compromise and
control of Level IV locks and keys is a
sound business practice.
Q: I know that there is a new badge
being issued - when can I expect to receive
my new badge and how long will my current
DOE badge remain effective?
A: DOE and DOE contractor employees possessing
a DOE badge will be contacted when the identity
verification processing is completed. This
will be followed by the turn-in of the current
badge in exchange for the new DOE badge.
The current DOE badge will remain active
until the new badge is issued.
Q: What are the national drivers for
the posting of trespassing signs at DOE
facilities, installations, and real property
as prescribed by DOE M 470.4-2?
A: Section 229 of the Atomic Energy Act
of 1954 (42 U.S.C. 2278a) as implemented
by 10 CFR 860-Trespassing on Department
of Energy Property provides details for
posting the regulations and penalties. Those
DOE activities located on property under
the charge and control of the General Services
Administration, 41 CFR 101-20.3, Conduct
on Federal Property, and 41 CFR 102- 81,
Security, provide the guidance on the rules
and regulations involving the property.
Chapter XIV, Posting Notices, DOE M 470.4-2,
describes the requirements for the Posting
of property owned by or contracted to the
United States for DOE.
Q: Does the DOE-approved combination
lock on my vault door require modification
to permit one-handed operation for egress
in the event of an emergency?
A: No. If the lock meets the requirement
for installation on vault and vault-type-room
(VTR) doors, it does not require modification.
The approved lock has a built-in safety
release which must be engaged upon opening
the lock. It automatically releases the
latch when the door is opened. Thus, there
is no modification required to the existing
lock. Before someone is allowed to work
in a vault, he/she should be instructed
in the operating procedures, including the
opening, closing, and alarm shunting/activating,
the notification procedures when the alarm
is shunted/activated upon arriving/departing
the vault/VTR, and the response procedures
for incidents.
Q: What's DOE policy concerning leaving
a badge in a vehicle? Could I leave it in
my car, that way, I won't forget and leave
it at home because it will always be in
my vehicle when I return to work.
A: Paragraph 3.e of Chapter XV,
DOE M 470.4-2, requires each badge-holder
to protect "the security badge against
loss, theft, or misuse" and to report
"a lost, stolen, or misused badge to
the cognizant security authority within
24 hours of discovery." It is a poor
security practice to leave a DOE badge in
your vehicle. DOE badges should be protected
the same as you would protect/secure cash,
check book or credit card. Under isolated,
unavoidable circumstances, leaving the badge
in your locked vehicle, out of sight may
be necessary, but any available means must
be employed to eliminate unauthorized access
to the badge (e.g. placed in a glove box,
kept out of sight, car parked in an access-controlled
area).
Q: While on official travel hotel personnel
ask to make a copy of my DOE badge (in addition
to my official orders) to verify my DOE
status in order to receive the official
government rate. Should I allow them to
make a copy of my DOE badge?
A: No. Your DOE travel orders, your
Government credit card, and when asked,
showing your DOE badge, are sufficient to
validate the individual's status as a person
on official government travel. Title 18
U.S. Code, Section 701, prohibits the photography,
engraving, printing or impression in the
likeness of any such badge, identification
card, or any colorable imitation. Violations
of this Code may result in a fine or imprisonment
or both.
Return
to Top of Page
Protective
Force: Numerous questions have
been received as a result of the recent changes
in the DOE protective force (PF) policy. These
Frequently Asked Questions (FAQ) are intended
to provide context for the recent changes
and to enhance Departmental uniformity regarding
PF implementation.
In brief, DOE M 470.4-3, Protective Force,
was issued in August 2005 and was updated
in March 2006 (Change 1), to further the
Secretarial initiative to enhance the capabilities
of the DOE PFs. This change included tactical
response force doctrine, structure, deployment,
training, career progression plan, rules
of engagement, revised PF categories (Security
Police Officer (SPO)-I, -III, etc.), and
detailing application of the Offensive Combative
Standard and the Defensive Combative Standard.
Q: DOE M 470.4-3, Protective Force,
Appendix A-3 states "The posting of
perimeter signage that states, 'Halt: Deadly
Force is Authorized Beyond This Point' is
authorized. Signs must be posted at entrances
and at such intervals along the perimeter
of the property to ensure notification of
persons about to enter." Is the installation
of these signs required?
A: The signs are "authorized,"
not required. If they ARE posted, then the
instructions for wording, placement, and
intervals (which conform to the instructions
in DOE M 470.4-2, Physical Protection,
for perimeter signage) must be followed.
Q: Why is the posting of the warning
signs recommended?
A: In addition to being a warning to the
public and to adversaries, the signs are
intended as a tool to assist sites in the
development of defensive plans that include
reasonable Rules of Engagement in order
to minimize confusion and to maximize the
ability of the protective force to respond
adequately to an adversarial incursion.
Q: Does the posting of the warning signs
justify the application of deadly force?
A: No. By and of themselves, they do not
"justify" the application of deadly
force, but they certainly contribute to
the development of local Rules of Engagement
which should describe the post-specific
circumstances that would constitute hostile
intent on the part of an adversary, thereby
possibly justifying the application of force.
Q: Do the signs conform to the warning
addressed in 10 CFR 1047, "Limited
Arrest Authority and Use of Force by Protective
Force Officers"?
A: No. The signs alone do not constitute
the warning addressed in 10 CFR 1047; however,
if those signs are clearly posted and ignored
by an intruder, that action can then be
considered an indicator of hostile intent.
Taken together with other locally-defined
factors, they could aggregate to a level
that may justify a forceful reaction.
Q: Will DOE continue to have protective
force standardized weapons identified by
brand and caliber?
A: No. Protective force policy revisions
under development identify authorized weapons
by type, capability, and caliber or projectile
size. This change will allow sites greater
flexibility in meeting Design Basis Threat
requirements without having to employ the
deviation process.
Q: The current protective force manual
seems to be written primarily for contractor
forces. Will this be the case in the next
revision?
A: No. The next revision will establish
separate manuals for contractor and Federal
protective forces. Additionally the Federal
protective force manual will have individual
annexes that will address the specific differences
in Federal Agent, Federal Officer, and Special
Agent requirements and operations.
Q: The current protective force manual
includes courses of fire for various firearms.
How will those be addressed in future revisions?
A: The next version of the manual will
reference a Web page which will contain
all DOE approved courses of fire (COFs).
In the past, such COFs were promulgated
in manual form. That method now has become
far too time-consuming and unresponsive
to keep pace with exigencies associated
with the development of the Tactical Response
Force (TRF) concept which is needed to facilitate
the countering of an escalating DBT. Using
this improved methodology, new COFs can
be developed and validated within the complex.
After appropriate staffing, they can be
approved and employed.
Q: In the new protective force manuals,
how will one find out which modifications
to firearms are authorized?
Interested parties will be directed to
a Web page that will contain the DOE Firearms
Modification List, which addresses approved
modifications for all weapon systems, live-fire,
as well as, engagement simulation systems
(ESS).
Q: Does the DOE Federal Officer Program
still exist?
A: Yes. DOE M 470.4-3, Chg. 1, paragraphs
A.I.3.a.(2) and (3)(a), provide for both
unarmed and armed Federal Officers. Federal
Officers must be Federal employees. Both
armed and unarmed Federal Officers are authorized
to conduct investigations and liaison with
law enforcement, but only armed Federal
Officers have Federal arrest authority.
Q: Department of Energy (DOE) protective
force (PF) operations have been satisfactory
and stable for years. Why is the change
to an "elite force" or Tactical
Response Force necessary?
A: As the events of 9/11 and subsequent
events worldwide have shown, the adversary
that we have consistently projected since
1983 is not likely to be the adversary we
now expect to face. Today, we can anticipate
facing an adversary with more resources
and enhanced capabilities, and who routinely
plans to use suicidal tactics as a portion
of their overall tactical plan. In the past,
we were able to demonstrate an adequate
level of site defense by using a large number
of PF personnel in dispersed positions to
overwhelm the adversary upon detection.
Even a small increase in projected adversary
numbers makes this tactic unfeasible, both
tactically and from a resource standpoint.
Q: What policy directives were changed
to affect the Secretary's vision of an elite
PF for the DOE?
A: Page change revisions to implement
the elite PF initiative were made to the
three most applicable manuals to ensure
an integrated, systems approach to implementation
of Tactical Response Forces at Category
I/rollup and Threat Level 2 facilities (facilities
where a denial strategy is applicable):
DOE M 470.4-1 Chg1, Safeguards
and Security Program Planning and Management,
now contains the new DOE Tactical Doctrine
and other requirements for protection program
planning.
DOE M 470.4-2 Chg1, Physical
Protection, addresses physical security enhancements
and more reliance on technology to augment
PFs.
DOE M 470.4-3 Chg1, Protective Force, focuses
on changes to PF structure, organization,
deployment, training, supervision, equipment,
performance testing, and tactical exercises.
A career progression plan and new Rules
of Engagement for the application of deadly
force have been included within this manual.
Q: What is the Tactical
Response Force concept of employment?
A: The tactical response force concept,
combined with the integrated use of security
technology and a well designed barrier plan,
provides a solution that is less manpower
intensive and, at the same time, is less
sensitive to the number of adversaries encountered.
It recognizes that there traditionally have
been PF duties and posts that are primarily
intended to support routine operations and,
because of location or other considerations,
are of secondary tactical value during an
attack on a special nuclear material (SNM)
location. The tactical response force concept
redirects highly trained and tactically
skilled PFs toward their primary mission.
Similarly, the defense of an SNM location
involves three equally important functions:
early detection and assessment capabilities
to enable early interdiction as far away
from the target as possible; establishment
of a formidable protective perimeter around
the target before the adversary arrives;
and deployment of highly mobile, heavily
armed forces who assess early alarms, engage
adversaries sufficiently to evaluate their
main assault, and maneuver decisively against
them when the assault team is fixed by fire
from the defensive perimeter. Mobility and
firepower for the maneuver forces are provided
primarily by lightly armored vehicles with
weapons providing high rates of fire, and
secondarily by dismounted forces with lighter,
high rate of fire weapons such as the squad
automatic weapon. In general, mobile units
will be covered by over watch elements with
long range weapons on vehicles or within
the static defensive perimeter.
Q: What are the primary duties of the Tactical
Response Force?
A: Application of the Tactical Response
Force principles is dependent upon site-specific
defense strategies, but tends to lead naturally
to three categories of armed combatant:
1) armed personnel who are primarily assigned
to routine duties but who assume key blocking
positions upon attack; 2) armed personnel
near target locations who assume prepared
defensive positions upon attack; and 3)
mobile forces who carry the fight to the
adversary. The first two of these categories
will generally not be required to move long
distances under tactical conditions and
are categorized as Security Police Officers
(SPO)-I in the revised policy. Members of
the mobile force whose primary duty is to
fight using the capabilities and armament
of the vehicle could also be designated
as SPO-I. Mobile force members whose primary
mission is to maneuver on and attack adversary
forces on foot should be designated as SPO-II
and therefore subject to more rigorous physical
fitness standards. Members of either the
static or mobile force who are designated
as special response team members with responsibility
for reentering areas defended by an adversary
or other special response team duties, such
as hostage rescue and pursuit, should be
designated as SPO-III, with the accompanying
training and physical fitness requirements.
Q: Is every site required to have a Tactical
Response Force?
A: No. A Tactical Response Force
is required only at sites where the PF is
responsible for the security of Category
I quantities of SNM; credible rollup of
SNM to a Category I quantity; and those
facilities that meet or exceed the Threat
Level 2 criteria specified in DOE O 470.3A,
Design Basis Threat Policy, for chemical,
radiological, or biological thresholds.
(At this time, none have been designated.)
Q: Who determines which categories of
SPOs are needed at a site and in what numbers?
A: DOE policy provides sites/facilities
the latitude, based on mission, vulnerability
analyses, protection strategy, and response
plans, to decide how many SPOs are needed
in each category. Those decisions are made
in conjunction with respective Headquarters
Program Offices.
Q: Are all DOE PF personnel required
to complete a one-mile run as part of their
physical fitness qualifications?
A: No. DOE M 470.4-3 Chg1, Protective
Force, requires that those personnel designated
as SPO-II or SPO-III must meet the Offensive
Combative Standard (OCS) specified in Title
10, CFR, Part 1046, "Physical Protection
of Security Interests." Those designated
as SPO-I are required only to meet the Defensive
Combative Standard (DCS). The most significant
difference between the OCS and DCS is a
1-mile run in 8 minutes 30 seconds for OCS
versus the half-mile run in 4 minutes 40
seconds for DCS. Unarmed security officers
have no physical fitness standard.
Q: What is the difference between offensive
and defensive posts?
A: In general, at sites where a
Tactical Response Force (TRF) is required,
offensive posts are those manned by individuals
who take the fight to adversaries and who
meet the OCS fitness requirement. These
are members of the active defense, or maneuver
element, and would deploy from a vehicle
or post with expectations of moving greater
than 50 yards from that vehicle or post.
Defensive posts are situated such that the
adversaries must come to them and are staffed
by personnel who meet the DCS fitness requirements.
As part of the static or fixed defense,
they may deploy from a vehicle or post with
expectations of moving less than 50 yards
from that vehicle or post. The cited distances
associated with deployment are intended
as general guidelines and are dependent
upon the most tactically advantageous maneuver
options available from the post or patrol
at the time of deployment. They distinguish
relatively short distances that could be
negotiated by less physically-capable SPOs,
as opposed to longer distances that might
require more stamina. At sites where a TRF
is not required, reaction distances for
DCS-qualified personnel will vary depending
on the post response plans. Line management
is responsible for determining the likelihood
of extended deployment zones for each assigned
post, whether offensive or defensive.
Q: Why is there no longer a "grandfather
clause" for the OCS so that PF personnel
with age, illness, or injury issues can
keep their jobs as SPO-IIs?
A: With the publication of DOE M
473.2-2, Protective Force Program Manual,
on
6-30-00, the fitness requirement for SPO-IIs
was established at the OCS as described
in Title 10 CFR 1046, "Physical Protection
of Security Interests." A "grandfather
clause" was inserted that allowed incumbent
SPO-II personnel to remain at the DCS. When
DOE M 470.4-3, Protective Force, was published
on 8-26-05, the grandfather clause was not
included, because the original intent of
the CFR was spelled out in more detail,
noting that the fitness standard for an
individual depended on assignment. DOE sites
were to designate posts as either offensive
or defensive in nature, with the intent
that less physically demanding defensive
posts could be staffed by those who could
not meet the OCS.
Q: How do the new designations of SPO-I,
II, and III relate to the old ones, especially
with regard to physical fitness standards?
A: Previously, few sites used the
SPO-I designation, but those who were so
designated were required to meet the DCS
contained in Title 10 CFR. The SPO-II designation
was applied to more highly-trained PF personnel
who, depending on duty assignment, might
be required to meet either the DCS or the
OCS specified in 10 CFR 1046. SPO-IIIs were
even more highly trained, including certain
specialized training, and required to meet
the OCS. The revised categories and physical
fitness standards are shown in the table
below.
Previous Directives
|
|
Current Directives
|
Position Designation
|
Physical Fitness
Standard
|
|
Position Designation
|
Physical Fitness
Standard
|
SO |
None |
|
SO |
None |
SPO-I |
Defensive Combative Standard |
|
SPO-I |
Defensive Combative Standard |
SPO-II (Defensive) |
Defensive Combative Standard |
|
SPO-II (Offensive) |
OffensiveCombative Standard |
|
SPO-II |
Offensive Combative Standard |
SPO-III |
Offensive Combative Standard |
|
SPO-III |
Offensive Combative Standard |
Q: How are the older and more senior
PF personnel supposed to be able to qualify
as SPO-IIs?
A: The ability to qualify as a SPO-II
at the OCS is not so much a function of
age, seniority, or gender as it is of physical
conditioning resulting from a disciplined
individual wellness and fitness program.
Injuries or illness can produce exceptions,
of course. The Secretary's elite force initiative
resulted in a Tactical Doctrine and a Career
Progression Plan that combine to provide
DOE sites the opportunity to develop protection
plans that include the establishment of
both offensive and defensive posts. Personnel
who can meet the OCS may be categorized
as SPO-IIs or -IIIs and assigned to the
offensive posts, while those who can qualify
only at the DCS may be categorized as SPO-Is
and assigned to defensive posts. This policy
changes mainly the title, or categorization,
of PF personnel. Those persons who previously
worked SPO-II defensive posts may continue
to be eligible to work those posts and remain
valued and essential members of the PF;
the new policy simply redesignates them
as SPO-Is.
Q: Does DOE policy dictate which categories
of PF personnel, and in what numbers, are
to be assigned to a site?
A: Yes, Tactical Response Forces
are required at sites with Category I quantities
of SNM; credible rollup of SNM to a Category
I quantity; and those facilities that meet
or exceed the Threat Level 2 criteria specified
in DOE O 470.3A, Design Basis Threat Policy,
for chemical, radiological, or biological
thresholds. Tactical Response Forces require
some Offensive Combative Standard (OCS)
qualified protective force personnel. Within
this constraint, DOE policy provides sites/facilities
the latitude, based on protective force
mission, vulnerability analyses, protection
strategy, and response plans, to decide
how many SPOs are needed in each category.
Those decisions are made in conjunction
with respective Headquarters Program Offices.
Threat Level 3 and 4 sites do not require
OCS qualified protective force personnel.
Q: If circumstances warrant the designation
of most or all PF personnel as SPO-IIs,
thereby requiring the OCS, must all qualify
at that standard immediately?
A: If management is committed to
designating all or most of their PF personnel
as SPO-IIs, then those so designated will
be required to meet the OCS. Even at that,
management will have the latitude to establish
compliance milestones in their implementation
plans to allow phase-in of the OCS. Paragraph
8 of the introductory section of DOE M 470.4-3,
Chg. 1, states: "Requirements that
cannot be implemented within 6 months of
the effective date of this Manual or within
existing resources must be documented by
the cognizant security authority and submitted
to the relevant program officers
"
That provision allows the sites time to
prepare PF personnel who will be assigned
to offensive posts to attain the ability
to complete the OCS.
Q: Why do the DOE physical fitness standards
not allow for age and gender variations?
A: DOE policy does not discriminate
based on age or gender with regard to the
performance of assigned duties. All SPOs
within specific categories, regardless of
age or gender, must be able to perform the
essential tasks of their assigned positions,
whether offensive or defensive. This concept
has been accepted within the DOE since the
mid-1980s.
Q: Why doesn't the DOE adopt an approach
to fitness standards such as that used by
the military?
A: The military, although similar
in some respects, is structured differently.
With some exceptions, older, more senior
individuals and females are generally more
remote from direct engagement with the enemy
than younger males. The vast infrastructure
of the military demands that more experienced
personnel advance into less tactically-oriented,
and thus less physically demanding, roles;
therefore, their fitness standards adjust
accordingly. DOE PF organizations are not
structured to accommodate large numbers
of personnel whose primary duties do not
revolve around tactical defense of a nuclear
site. Any modifications to the current standards
will comply with rulemaking requirements,
to include addressing all public comments.
Q: Are the mile and half-mile
run standards legitimate tests of a person's
fitness to perform DOE PF duties?
A: The present standards were derived
from a correlation between observed performance
of a series of tactical scenarios and the
selected evaluative criteria. The DOE Office
of Security Policy is evaluating a revised
standard that will be equally demanding,
but will consist of tasks more closely resembling
current PF duty requirements.
Q: Must the assignment of automatic
weapons, particularly, crew-served firearms,
be limited to PF personnel who have qualified
at the OCS?
A: No. DOE policy does not limit
the employment of automatic weapons to sites
or posts designated as offensive. In fact,
DOE Tactical Doctrine encourages the placement
of crew-served automatic weapons in defensive
emplacements protecting sensitive targets.
Q: Did the elite force policy revisions
change the requirement for possession of
a "Q" clearance to be assigned
an automatic weapon?
A: No. The issue of the requirement
to have a "Q" clearance to be
armed with an automatic weapon was not affected
by the elite force policy revisions. Title
10 Code of Federal Regulations (CFR) 1046.14
conveys two stipulations: "SPOs possessing
less than "Q" access authorization
shall not be assigned to offensive positions
or (emphasis added) duties where fully automatic
firearms are required." "Offensive
positions" and "duties where fully
automatic firearms are required" are
not synonymous. It makes no difference whether
an automatic weapon is deployed in a defensive
or an offensive position; the SPO to which
the weapon is assigned must have a "Q"
clearance according to the CFR.
Q: What has been done to clarify the
circumstances under which deadly force may
be applied at the site level?
A: The March 2006 policy revisions
included, for the first time, guidelines
for rules of engagement (ROE) that require
the development of site- and post-specific
ROE incorporating the concept of "hostile
intent." Such ROE must consider the
type of materials being protected, site
geography, building construction, PF strength
and capability, adversary task times, adversary
characteristics as described in the current
DOE Design Basis Threat, and consequences
of asset loss. The ROE must clearly state
under what conditions the circumstances
of hostile intent have been met for each
post in order for deadly force to be applied.
The posting of perimeter signage that states,
"Halt, Deadly Force is Authorized Beyond
This Point" is authorized. Completed
ROE must be submitted to the DOE cognizant
security authority for review and approval.
The National Nuclear Security Administration
requires that site ROE be reviewed by the
local DOE Chief Counsel. Upon approval,
examples of likely scenarios where the use
of deadly force may and may not be authorized
must be included in General and Post Orders.
Return
to Top of Page
Information
Security: DOE M 470.4-4, Information
Security, establishes security requirements
for the protection and control of information
and matter required to be classified or controlled
by statutes, regulations, or DOE directives.
Change 1 to the manual updates, clarifies
and modifies the directive in accordance with
the needs/requests that have been received
from throughout DOE, especially pertaining
to eliminating unnecessary resource burdens
while maintaining protection and accountability
for accountable classified removable electronic
media (ACREM). Common information security
topics are addressed below.
Q: Does classified matter that is going
to be destroyed have to be protected (but
not stored) and controlled until it is finally
destroyed?
A: Yes, classified matter must be protected
and controlled until it is finally destroyed.
For classified matter to be protected and
controlled, it must either be "in use"
(constantly attended by, or under the control
of, a person possessing the proper security
clearance and need-to-know) or securely
stored in an approved secure storage repository
(i.e. vault, safe or vault-type room).
Q: I am the ACREM Custodian, do I have
to destroy my ACREM or can I delegate it
to someone?
A: As ACREM Custodian, you would not have
to destroy your ACREM personally unless
it is required by local procedures. However,
an individual who is authorized access to
the ACREM must accompany the matter to the
destruction site and witness the destruction
to include inspecting the residue. To remove
the ACREM from accountability, a copy of
the destruction certificate certifying the
ACREM was destroyed would have to be presented
to you as the ACREM Custodian. The certificate
must include the name of the individual
who validated the destruction.
Q: Why was non-standard storage removed
from the current Information Security Manual
(DOE M 470.4-4)?
A: By definition, non-standard storage
(NSS) differs from normal storage conditions
and ability to meet typical requirements.
Given this divergence from the norm and
the wide dissimilarities from one instance
of NSS conditions to the next, policy was
changed such that NSS was intended to be
treated as a deviation rather than an ordinary
process. Due to the size, shape or other
characteristics of certain classified matter
in DOE, the need for NSS policy or requirements
continues to be explored. New policy on
NSS is being drafted and will be included
the next version of the Information Security
Manual.
Q: What is the NISPOM and how does it
apply to DOE?
A: The National Industrial Security
Program Operating Manual (NISPOM) is the
implementing directive for the National
Industrial Security Program (NISP), which
was established by Executive Order 12829,
to achieve common standards for protecting
classified information that is held by contractors,
licensees, and grantees of the Federal Government.
National security requires that this information
be safeguarded equivalent to its protection
within the executive branch. The NISP is
applicable to all executive branch departments
and agencies. Under the Atomic
Energy Act of 1954, as amended (AEA), DOE
is responsible for controlling the protection,
classification, dissemination and declassification
of Restricted Data. Concurrently, under
the NISPOM, the Secretary of Energy retains
authority over the information classified
under the provisions of the Atomic Energy
Act of 1954, as amended. Moreover, the security
cognizance over the Department remains with
the Department of Energy. Thus, DOE retains
responsibility for security administration
regarding classified activities and contracts
under its purview.
Q: Why must I remove my DOE/Site parking
pass/DOE Badge from open view when I leave
DOE property?
A: Your parking pass and badge reveal
information about you. There are several
reasons to remove parking passes from open
view (and similarly protecting badges).
These include considerations of personal
safety as well as personal and organizational
security. From a safety perspective, a parking
pass hanging from a rear-view mirror can
obstruct a driver's vision. Additionally,
the parking pass or badge provides information
about you that may be useful to a stranger
who intends you harm, or to an adversary
or competitor of your organization or the
Federal Government. Significant concerns
include turning you and/or your car and
its contents into a target of opportunity
(breaking into your vehicle to steal the
pass; or creating a counterfeit pass or
badge based on visual access to yours).
Such release of relatively small amounts
of information (e.g. parking passes, individuals
who possess them and how they are used)
may be combined with other public or unprotected
information to permit an aggressor to defeat
access control processes, disrupt missions/operations,
or otherwise compromise important activities.
Q: What is the difference between the
terms Electronic Storage Media (ESM) and
Classified Removable Electronic Media (CREM),
as used in DOE M 470.4-4, Information Security?
A: Electronic storage media (ESM)
refers to all electronic storage media.
It does not have to be classified or removable,
whereas CREM must be both classified and
removable. Additionally, the term ACREM
is used for accountable classified removable
electronic media. Given these definitions,
ACREM is a subset of CREM and CREM is a
subset of ESM.
Q: When may I consider classified electronic
storage media (ESM) to be unclassified?
A: Generally, DOE M 470.4-4, Information
Security, does not permit classified ESM
to be removed from accountability, downgraded
or declassified if the ESM provides any
potential access to information that made/makes
it accountable or classified at a specific
level and/or category. The basic performance
requirement is that no classified information
is present or recoverable before any of
these actions are permissible. The DOE Office
of the Chief Information Officer promulgates
policy indicating approved methods for accomplishing
the sanitization, clearing and destruction
of electronic media for use in determining
the proper classification and accountability
status of ESM.
Q: What is PII and how can I learn more
about it?
A: According to the Office of Management
and Budget (OMB) memorandum M-06-16, Protection
of Sensitive Agency Information, the term
Personally Identifiable Information (PII)
means any information about an individual
maintained by an agency, including, but
not limited to, education, financial transactions,
medical history, and criminal or employment
history and information which can be used
to distinguish or trace an individual's
identity, such as their name, social security
number, date and place of birth, mother's
maiden name, biometric records, etc., including
any other personal information which is
linked or linkable to an individual. Within
DOE, PII is considered a sub-set of Official
Use Only (OUO) information. This type of
information has been considered OUO since
the inception of OUO in DOE, but was uniquely
identified as PII throughout the Executive
Branch at the direction of OMB. Additional
information regarding OUO can be found in
DOE O 471.3, DOE M 471.3-1, and DOE G 471.3-1,
all of which concern Identifying and
Protecting Official Use Only Information.
Return
to Top of Page
Nuclear
Material Control and Accountability:
DOE M 470.4-6, Nuclear Material Control
and Accountability, was issued on August
26, 2005, and page changes were issued to
that manual as Change 1 on August 8, 2006.
The most frequently asked questions concern
credible roll-up and tritium, which are
answered briefly below.
Q: What is the purpose of an MC&A
plan?
A: MC&A plans can serve as a planning
document for the facility to use in carrying
out its MC&A program and budgeting for
its operations. Additionally, MC&A plans
have several purposes:
1) Providing documentation
to DOE/NNSA about how facilities will operate
their MC&A programs, MC&A plans
are required by DOE M 470.4-6, Nuclear Materials
Control and Accountability, for all facilities
possessing nuclear materials, and represent
commitments by the facility to DOE/NNSA
to operate their MC&A program as described
in the plans or to standards exceeding the
requirements of the plans. As such, facilities
can be audited or inspected by DOE offices
or programs against the plans;
2) Establishing specific
authorities and responsibilities for MC&A
functions (e.g. accounting systems, measurements,
measurement control, inventories, internal
reviews, access controls, and material surveillance.);
3) Describing local implementation
of DOE 470.4-6, at the facility, and how
facility MC&A programs meet the requirements
of that directive; and
4) Documenting facility
specific requirements approved by the DOE
cognizant security authority, including
but not limited to the scope and extent
of performance testing, measurement requirements
for internal transfers, parameters for statistical
sampling plans for physical inventories,
frequency and scope of internal reviews
of MC&A programs, and extensions to
inventory frequencies. Ideally, all locally
approved requirements will be addressed
in the MC&A plan.
Q: Who approves MC&A plans?
A: DOE M 470.4-6 requires that a specific
DOE cognizant security authority (which
could be the site security director, site
manager or MC&A program manager depending
on formal delegation) be designated as the
DOE approving authority for MC&A plans,
activities, and documents - including the
MC&A plan, but does not specify who
the approving authority should be. Program
and site offices decide at what level of
their organization MC&A approval authorities
should reside based upon their resources
and management structure. More generally,
DOE O 470.4A designates the Departmental
Under Secretaries as the overall cognizant
security authorities for their organizations,
and allows them to delegate those authorities
to lower level DOE/NNSA officials. The delegations
of authority are required to be in writing,
and should be addressed in documents describing
program functions, responsibilities, and
authorities.
Q: What are Reporting Identification
Symbols (RISs) and how are they used?
A: RISs are three or four letter codes
assigned to DOE offices and contractors
that possess nuclear materials, as well
as NRC office and licensees that possess
these materials. RISs for DOE offices and
contractors are assigned by the Office of
Information Management, HS-1.22. RISs for
NRC offices and Licensees are assigned by
the NRC Office of Nuclear Material Safety
and Security. They are used for reporting
nuclear materials inventories and transactions
to the NMMSS. All DOE offices and contractors
possessing reportable quantities of nuclear
materials are required to have an RIS. They
are also required to have a nuclear materials
representative (NMR) for the RIS; the NMR
is responsible for submitting site/facility
data to NMMSS.
There is a rough correspondence between
DOE sites and RISs, but the correspondence
is not exact for several reasons: Different
RISs are required for each DOE contractor
possessing nuclear materials, and sites
can have more than one contractor that possesses
materials. Different RISs are used for waste
areas than for processing and storage areas
on the same site. Materials under the International
Atomic Energy Agency (IAEA) are reported
to NMMSS using a different RIS from other
site RISs. Many DOE site offices have their
own RIS separate from contractor RISs. For
these reasons, most major DOE sites have
more than one RIS. Additionally, some offsite
materials may be included in the DOE office's
or contractor's RIS.
Q: What nuclear materials does DOE
M 470.4-6 address?
A: These nuclear materials include: Americium-241,
americium-243, berkelium, californium-252,
curium, deuterium, depleted uranium, normal
uranium, enriched uranium, uranium-233,
enriched lithium, plutonium, neptunium-237,
thorium, and tritium.
DOE M 470.4-6 focuses on plutonium, enriched
uranium, uranium-233, separated americium,
and separated neptunium-237, because of
their proliferation potential, but requires
MC&A programs for all these materials.
Plutonium, enriched uranium, and uranium-233
are defined or designated as special nuclear
material (SNM) by the Atomic Energy Act
of 1954 and have long been considered material
of concern for nuclear proliferation. More
recently the International Atomic Energy
Agency recommended that separated americium
and separated neptunium-237 be treated the
same as SNM for safeguards purposes, and
DOE has adopted this recommendation into
its regulations.
Q: What are the MC&A requirements
for non-SNM?
A: Requirements for tritium, separated
americium, and separated neptunium, are
based on those for SNM. Requirements and
graded safeguards thresholds for separated
neptunium-237 and separated americium are
identical to those for U-235. Tritium is
treated as either Category III or IV SNM
depending on its form, quantity, and isotopic
purity.
MC&A requirements for non-SNM materials
other than tritium, separated neptunium-237,
and separated americium, are largely at
the discretion of the DOE cognizant security
authority responsible for MC&A. The
only specific requirements are that
1) An MC&A program be
established and maintained for these materials
based on the strategic and monetary value
of the materials.
2) The data fields for the
materials accounting system for these materials
be consistent with those required by DOE
M 470.4-6.
3) Reporting Identification
Symbol (RIS) level transactions and inventories
be documented by the system and reported
to the Nuclear Materials Management and
Safeguards System (NMMSS) in accordance
with DOE M 470.4-6, Section B. (Berkelium
is not required to be reported to NMMSS
because the total amount DOE owns is very
small, it has a short half-life, and it
has been written off DOE's financial records
by the Office of Financial Management.)
4) Physical inventories
of these materials be conducted on a periodic
basis at a frequency and in a manner approved
by the DOE cognizant security authority
and documented in the MC&A plan.
5) Materials that are collocated
with SNM and are credible substitution materials
for the SNM be inventoried at the same frequency
as the SNM and measurement methods used
for inventories are capable of distinguishing
between the SNM and the collocated materials.
Q: Are DOE-owned nuclear materials at
NRC licensee facilities reported to NMMSS
under DOE requirements or NRC requirements?
A: They are reported using DOE requirements.
This is based on an agreement between DOE
and NRC and is reflected in NRC regulatory
documents NUREG/BR-0006, Instructions for
Completing Nuclear Material Transaction
Reports, and NUREG/BR-0007, Instructions
for the Preparation and Distribution of
Material Status Reports. Additionally, the
requirement to report pursuant to DOE instructions
is usually reflected in contract and lease
agreements for use of DOE-owned materials
by NRC licensees.
Q: What does the term "credible
roll-up" mean with regard to MC&A?
A: Roll-up is the accumulation to
a higher safeguards category of special
nuclear material (SNM) from lower category
locations. Roll-up is credible if the materials
can be accumulated and removed from the
site prior to interruption and defeat by
site personnel, including protective forces.
Q: I'm confused by tritium "reportable
quantity" vs. "reporting unit."
Table I-2 of Section A of DOE M 470.4-6,
Chg 1, lists the "reportable quantity"
for tritium as 1 gram, but Table XV-1 of
Section B of same manual lists the "reporting
unit" for tritium as 1/100 of a gram.
Why are these two quantities different?
A: Reporting unit and reportable
quantity are different concepts. Reporting
unit is the mass unit that facility/site
nuclear material accounting systems use
for recording and reporting inventories
and transactions. Reportable quantity is
the minimum amount of a material that a
facility must have to be subject to requirements
of DOE M 470.4-6 for that material. Except
for tritium, the reporting units and reportable
quantity for nuclear materials are same.
Historically, a hundredth of a gram was
both the reporting unit and the reportable
quantity for tritium. In 2003, the reportable
quantity of tritium was changed to a gram
in order to exempt facilities with less
than that amount (primarily research facilities)
from the MC&A requirements for tritium.
The reporting unit was being maintained
at 1/100 of a gram at the request of our
larger tritium facilities and to maintain
compatibility with historical MC&A record-keeping
systems. Facilities with more than a gram
of tritium are still required to report
transactions of 1/100 of gram or more.
This
page was last updated on
July 08, 2008
|