Date: April 26, 1999
Sunset Review: April 26, 2003
Subject: Delegation of Authority for Physical Security Programs
1. DELEGATION. The Director, Office of Security, (hereafter the Director) is delegated the authority and Departmentwide responsibility for physical security programs, including information security and industrial security.
2. RESPONSIBILITIES.
a. The Director shall:
(1) serve as principal adviser to the Assistant Secretary for Management and Chief Financial Officer to carry out security responsibilities under Executive Orders (E.O.) 12829, 12958 and 12977, Information Security Oversight Office (ISOO) directives, Security Policy Board (SPB) issuances;
(2) develop Departmental physical, information and industrial security policies, standards, criteria, and procedures for publication in 31 CFR Part 2 and/or the Department of the Treasury Security Manual;
(3) conduct active oversight to ensure that bureau physical security, information security and industrial security programs comply with Treasury policies (including periodic review and assessment of classified information), and that bureau security regulations conform to minimum standards promulgated by the Director;
(4) develop, monitor and compile annual reports (including accounting for costs of implementing E.O. 12958) required by the ISOO and/or the SPB, and serve as liaison with those organizations;
(5) establish, coordinate and maintain active training programs for employees throughout the Department who are authorized access to classified information;
(6) provide guidance on security classification, required markings, mandatory declassification reviews, downgrading, declassification, reclassification, and control/decontrol of Sensitive But Unclassified (SBU) information;
(7) establish policies, procedures and techniques to ensure a minimum level of physical protection for personnel, property, facilities and information;
(8) devise and carry out periodic testing of the adequacy of physical security programs throughout the Department and ensure that safeguarding practices and procedures are continuously reviewed and effective;
(9) serve as the focal point for physical security matters which require Departmental action. This includes classified information, SBU information, security violations, foreign contact reporting, challenges and appeals to original classification actions, mandatory/automatic declassification reviews, and physical security requirements for communications and automated data processing systems security facilities and material;
(10) represent the Department on interagency committees and maintain liaison with other Federal agencies concerning physical security, information security and industrial security matters;
(11) administer the National Industrial Security Program (NISP) under E.O. 12829 and maintain effective liaison with the Defense Security Service on behalf of the Department and bureaus when industrial security program services are provided to Treasury components. This includes reviewing and requiring changes to contract security classification specifications; and
(12) review all proposed bureau security directives and regulations governing physical security, information security and industrial security, prior to publication and ensure that bureaus make any necessary modifications required to be consistent with Treasury policies.
b. The Deputy Assistant Secretary for Administration, Heads of Bureaus, the Inspector General and the Inspector General for Tax Administration, as it relates to their respective bureaus and offices, shall:
(1) direct, coordinate and administer physical security programs in accordance with 31 CFR Part 2 and the Department of the Treasury Security Manual;
(2) designate physical security, information security and industrial security officer(s) and submit designations in writing to the Director, with updates as necessary;
(3) maintain liaison with the Director concerning industrial security contracts under E.O. 12829. This includes forwarding contract security classification specifications for each industrial security contract to the Director, for review and making necessary changes as required to be consistent with Treasury policy;
(4) submit all proposed security regulations governing physical security programs, including information security and industrial security, to the Director prior to publication, and make requested modifications to ensure consistency with Treasury policies; and
(5) respond to requests from the Director for reports, information and assistance as may be necessary to fulfill the Director's responsibilities.
3. DEFINITIONS.
a. Physical Security Programs include protective measures to safeguard personnel, prevent unauthorized access to and safeguard property and information.
b. Information Security Programs include protective measures to identify and safeguard classified national security information by persons authorized access to such material under E.O. 12968 and to deny access to unauthorized persons under E.O. 12958. This also includes Treasury requirements for access to SBU.
c. Industrial Security Programs include protective measures for safeguarding classified information which, under the NISP, is authorized for release and provided to U.S. industrial organizations, educational institutions and contractors under E.O. 12829 and the National Industrial Security Program Operating Manual.
4. AUTHORITIES.
a. 31 CFR Part 2, "National Security Information".
b. Treasury Order 102-19, "Delegation of Original and Derivative Classification Authority", dated March 19, 1998.
c. Treasury Order 102-20, "Delegation of Authority Concerning the Information Security Program", dated March 19, 1998.
d. E.O. 12829, "National Industrial Security Program", dated January 6, 1993.
e. E.O. 12958, "Classified National Security Information", dated April 17, 1995, as amended.
f. E.O. 12968, "Access to Classified Information", dated August 2, 1995.
g. E.O. 12977, "Interagency Security Committee", dated October 19, 1995
h. Department of Justice, "Vulnerability Assessment of Federal Facilities", dated June 28, 1995.
i. 32 CFR Part 2001, "Classified National Security Information".
j. National Industrial Security Program Operating Manual, dated January 1995.
5. REFERENCES.
a. TD 71-10 and TD P 71-10, "Department of the Treasury Security Manual".
b. TD 12-60, "Delegations for Telecommunications and Information Systems Security".
c. TD 85-09, "Responsibilities for Telecommunications and Information Systems Security".
6. LIMITATION. This directive does not delegate any authority to classify national security information.
7. CANCELLATION. This directive supersedes TD 71-08, "Delegation of Authority for Physical Security Programs", dated April 14, 1989.
8. OFFICE OF PRIMARY INTEREST. Office of Security, Office of the Assistant Secretary for Management and Chief Financial Officer
/S/
Nancy Killefer
Assistant Secretary for Management
and Chief Financial Officer