Management System: Safeguards, Security, and Emergency Management
Subject Area: Facility Operations
Point of Contact: | PEGGY JACKSON |
Management System Owner: | EARL HICKS |
Secondary Management System Owner: | THOMAS GRADLE JOHN MEDLOCK |
Issue Date: 12/21/2012
SCMS Revision: 2.3
1.0 Introduction
This subject area (SA) establishes the procedures and functional responsibilities for Facility Operations. Facility Operations consists of six key elements:
-
Classified Matter Protection and Control (CMPC): The CMPC Program is a program that ensures protection and control of classified matter. Its objectives are to:
Protect and control classified matter that is generated, received, transmitted, used, stored, reproduced, or destroyed;
Establish an audit trail for all accountable classified matter;
Establish required controls based on classification level (Top Secret, Secret, or Confidential) and category [Restricted Data (RD), Formerly Restricted Data (FRD), or National Security Information (NSI)], special handling instructions or caveats.
-
Incidents of Security Concern (IOSC): The IOSC Program is a program that sets forth requirements for timely identification and notification of, response to, inquiry into, reporting of, and closure actions for incidents of security concern.
-
Ensures that Critical Program Information (CPI), including unclassified controlled information is protected from inadvertent and unauthorized disclosure;
Provides management with the information required for sound risk management decisions concerning the protection of sensitive information;
Ensures that OPSEC techniques and measures are used throughout the department.
The review process must include a multi-layer review to ensure suitability of the information for worldwide public release.
-
The Local Threat Statement provides the basis for local security planning. Preparation is the responsibility of the local U.S. Department of Energy (DOE) OPSEC manager.
Nuclear Material Control and Accountability (NMC&A):
The primary role of NMC&A is to help prevent and detect the theft of nuclear material from DOE-owned and DOE-leased facilities, and DOE-owned nuclear materials at other facilities that are exempt from licensing by the Nuclear Regulatory Commission (NRC). Material control and material accountability are distinct, but complimentary activities. The goal of material control is to prevent the loss or provide timely detection of thief or diversion of nuclear material, while the goal of material accountability is to provide assurance that no loss of materials has occurred. NMC&A functions are implemented through a single organization that is independent from organizations having responsibility for operations or production. This requirement is intended to avoid possible conflicts of interest with production-related activities.
Nuclear Materials Management (NMM):
The role of NMM is to effectively manage DOE-owned and/or DOE-managed accountable nuclear materials for use in national defense and in other DOE and non-DOE programs. The utilization of nuclear materials involves major expenditures and long lead times; therefore, NMM includes annual assessments of nuclear material inventories; evaluations of current and projected mission needs; and identification of consolidation and disposition opportunities.
-
Classification:
Provides requirements for managing DOE classification and declassification program, including details for classifying and declassifying information, documents, and material;
Provides the requirements for identifying and protecting Unclassified Controlled Nuclear Information (UCNI);
Establishes a program to identify certain unclassified controlled information as Official Use Only (OUO) and to identify, mark, and protect documents containing such information. This information may be exempt from public release under the Freedom of Information Act (FOIA) and has the potential to damage governmental, commercial, or private interests if disseminated to persons who do not need to know the information to perform their jobs or other DOE-authorized activities.
2.0 Contents
Procedures |
Procedure Content |
1. Managing A Classified Matter Protection and Control (CMPC) Program
|
|
2. Implementing and Managing an Incident of Security Concern (IOSC) Program
|
|
3. Managing An Operations Security (OPSEC) Plan
|
|
4. Reviewing and Approving Shipper/Receiver Agreements
|
|
5. Reviewing Significant Shipper/Receiver Differences
|
|
6. Establishing and Updating Nuclear Material Project Numbers
|
|
7. Submitting Nuclear Materials Inventory Assessments
|
|
8. Identifying and Facilitating Classification Documentation
|
|
3.0 Exhibits/Forms
Classified Matter Protection and Control (CMPC) Points of Contact
Example of the Nuclear Materials Inventory Assessment (NMIA) Memorandum & Guidance
Example of Ending FY 20XX Nuclear Material Inventory Assessment (NMIA) Guidance
DOE F 470.1, Contract Security Classification Specification (CSCS)
Subject Area Indicators and Key Word List for Restricted Data and Formerly Restricted Data
Suggested Format and Technical Content of Shipper/Receiver Agreements
4.0 Related Information
-
For Local Implementing Procedures, see site-specific documentation
-
DOE‑STD‑1194‑2011, Nuclear Material Control and Accountability
-
Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
-
NIST SP 800-30, Risk Management Guide for IT Systems
-
NIST SP 800-34, Revision 1, Contingency Planning Guide for Federal Information Technology Systems
-
NIST SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
-
NIST SP 800-40, Version 2, Procedure for Handling Security Patches
-
NIST SP 800-47, Security Guide for Interconnecting Information Systems
-
NIST SP 800-50, Building an Information Technology Security Awareness and Training Program
-
NIST SP 800-53, Cyber Security Self Assessment Guide
-
NIST SP 800-59, Guide for Mapping Information and Information Types to Security Objectives and Risk Levels
-
NIST SP 800-61, Revision 2, Computer Security Incident Handling Guide
-
NIST SP 800-64, Revision 2, Security Consideration in the Information System Development Life Cycle
-
NIST SP 800-65, Integrating Security into the Capital Planning and Investment Controls Process
-
NIST SP 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
-
NIST SP 800-73-2, Interfaces for Personal Identity Verification
-
NIST SP 800-76-1, Biometric Data Specification for Personal Identity Verification
-
Nuclear Materials Management and Safeguards System (NMMSS) (Classified System)
-
Nuclear Materials Management and Safeguards System (NMMSS) User Guide
-
Safeguards and Security Policy Information Resource Web site
5.0 Requirements
Document | Title | Requirement Decision Record |
10 CFR 1046 | Physical Protection Of Security Interest | Completed |
DOE M 142.2-1 | Manual For Implementation Of The Voluntary Offer Safeguards Agreement And Additional Protocol With The International Atomic Energy Agency | Completed |
DOE O 142.2A | Voluntary Offer Safeguards Agreement And Additional Protocol With The International Atomic Energy Agency | Completed |
DOE O 410.2 | Management of Nuclear Materials | Completed |
DOE O 457.1 | Nuclear Counterterrorism | Completed |
DOE M 457.1-1 | Control Of Improvised Nuclear Device Information (Official Use Only) | Completed |
DOE P 470.1A | Safeguards and Security Program | Completed |
DOE O 470.3B | Graded Security Protection Policy | Completed |
DOE O 471.1B | Identification and Protection of Unclassified Controlled Nuclear Information | Completed |
DOE O 471.3, Admin. Change 1 | Identifying and Protecting Official Use Only Information | Completed |
DOE M 471.3-1, Admin. Change 1 | Manual for Identifying and Protecting Official Use Only Information | Completed |
DOE O 473.3 | Protection Program Operations | Completed |
DOE O 475.2A | Identifying Classified Information | Completed |
DOE O 5670.1A | Management And Control Of Foreign Intelligence | Completed |
DOE CG-SS-4, Change 6 | Classification and UNCI Guide for Safeguards and Security Information (Official Use Only) | Completed |
NISP | National Industrial Security Policy | Completed |
6.0 Definitions
This is not the online OFFICIAL SCMS COPY of this file. Before using this printed copy, verify that it is the most current version by checking the Last Major Revision and Last Minor Revision dates (at the bottom of each document) on the SCMS Web site.
This is the online OFFICIAL SCMS COPY of this file. Before using a printed copy, verify that it is the most current version by checking the Last Major Revision and Last Minor Revision dates (at the bottom of each document) on the SCMS Web site.
Send a question or comment to the
SCMS Help Desk.
Disclaimer
Last Major SCMS Revision: 03/31/2008