Facility Operations

Management System: Safeguards, Security, and Emergency Management

Subject Area: Facility Operations

Point of Contact:	PEGGY JACKSON
Management System Owner:	EARL HICKS
Secondary Management System Owner:	THOMAS GRADLE JOHN MEDLOCK

SCMS Home Page | Revision History | Subject Area Definitions

Issue Date: 12/21/2012
SCMS Revision: 2.3

1.0 Introduction

This subject area (SA) establishes the procedures and functional responsibilities for Facility Operations. Facility Operations consists of six key elements:

Classified Matter Protection and Control (CMPC): The CMPC Program is a program that ensures protection and control of classified matter. Its objectives are to:

Protect and control classified matter that is generated, received, transmitted, used, stored, reproduced, or destroyed;
Establish an audit trail for all accountable classified matter;
Establish required controls based on classification level (Top Secret, Secret, or Confidential) and category [Restricted Data (RD), Formerly Restricted Data (FRD), or National Security Information (NSI)], special handling instructions or caveats.

Incidents of Security Concern (IOSC): The IOSC Program is a program that sets forth requirements for timely identification and notification of, response to, inquiry into, reporting of, and closure actions for incidents of security concern.

Operation Security (OPSEC):

Ensures that Critical Program Information (CPI), including unclassified controlled information is protected from inadvertent and unauthorized disclosure;
Provides management with the information required for sound risk management decisions concerning the protection of sensitive information;
Ensures that OPSEC techniques and measures are used throughout the department.
The review process must include a multi-layer review to ensure suitability of the information for worldwide public release.
The Local Threat Statement provides the basis for local security planning. Preparation is the responsibility of the local U.S. Department of Energy (DOE) OPSEC manager.

Nuclear Material Control and Accountability (NMC&A):

The primary role of NMC&A is to help prevent and detect the theft of nuclear material from DOE-owned and DOE-leased facilities, and DOE-owned nuclear materials at other facilities that are exempt from licensing by the Nuclear Regulatory Commission (NRC). Material control and material accountability are distinct, but complimentary activities. The goal of material control is to prevent the loss or provide timely detection of thief or diversion of nuclear material, while the goal of material accountability is to provide assurance that no loss of materials has occurred. NMC&A functions are implemented through a single organization that is independent from organizations having responsibility for operations or production. This requirement is intended to avoid possible conflicts of interest with production-related activities.

Nuclear Materials Management (NMM):

The role of NMM is to effectively manage DOE-owned and/or DOE-managed accountable nuclear materials for use in national defense and in other DOE and non-DOE programs. The utilization of nuclear materials involves major expenditures and long lead times; therefore, NMM includes annual assessments of nuclear material inventories; evaluations of current and projected mission needs; and identification of consolidation and disposition opportunities.

Classification:

Provides requirements for managing DOE classification and declassification program, including details for classifying and declassifying information, documents, and material;
Provides the requirements for identifying and protecting Unclassified Controlled Nuclear Information (UCNI);
Establishes a program to identify certain unclassified controlled information as Official Use Only (OUO) and to identify, mark, and protect documents containing such information. This information may be exempt from public release under the Freedom of Information Act (FOIA) and has the potential to damage governmental, commercial, or private interests if disseminated to persons who do not need to know the information to perform their jobs or other DOE-authorized activities.

2.0 Contents

Procedures	Procedure Content
1. Managing A Classified Matter Protection and Control (CMPC) Program	Receive CMPC Point of Contact (POC) appointment documentation from SC Contractor facility. Update CMPC Point of Contact Listing as changes occur. Annually review DOE Orders/Manuals and identify changes in CMPC policy/requirements. Make any necessary changes to locally-developed *Federal* CMPC procedures and training/briefing and provide to DOE CSA for approval. If approved, post on locally-developed web sites/networks, and conduct performance tests to ensure changes have been incorporated and associated links are working. Transmit a DOECAST to federal and direct support contractor personnel notifying them of implementation. If the changes are not approved, revise and resubmit to the DOE CSA. Receive *Contractor* CMPC procedure(s) for approval. If substantial changes are necessary, provide comments back to the contractor through appropriate channels. If changes are not necessary, submit contractor CMPC procedures to the DOE Cognizant Security Authority (CSA) for approval and transmit approval page to the contractor through appropriate channels.
2. Implementing and Managing an Incident of Security Concern (IOSC) Program	Annually transmit an informal communication (e.g., email message) to site’s Facility Security Officer's (FSO's) designee requesting appointments for or changes to inquiry officials. For new appointments, review requests for completion of required DOE NTC IOSC training or previous inquiry/investigative experience, prepare inquiry official appointment letter, and transmit to FSO. For renewals or changes, document and file. Renewals do not require communication of reappointment of inquiry officials. Annually review DOE Order/Manuals and identify changes in IOSC policy/requirements. Make necessary changes to locally-developed IOSC implementing instructions, provide to DOE CSA for approval, and transmit to contractor sites through appropriate channels. Receive contractor IOSC procedures for review and approval. If changes are necessary, provide comments back to the contractor through appropriate channels. If changes are not necessary, submit contractor IOSC procedure to the DOE CSA for approval and transmit approval page to the contractor through appropriate channels. Receive notification of IOSC, provide a local tracking number, and report to Headquarters, as required in current DOE M 470.4‑1, Change 2, Part 2, Section N, IOSC. Conduct inquiry into IOSCs as required in DOE M 470.4‑1, Change 2, Part 2, Section N, IOSC. Collect monthly IMI‑4 IOSC data from contractor sites and input into Headquarters Safeguards and Security Information Management System (SSIMS). Develop tracking and trending of IOSCs for management’s review.
3. Managing An Operations Security (OPSEC) Plan	Request the site, facility, and overall concerns from OPSEC POCs about critical operational and programmatic data on an annual basis. Develop CPI from information supplied by the OPSEC POCs. Submit the updated OPSEC Plan for signature by DOE Integrated Support Center (ISC) OPSEC Manager or designee. Select site-specific Indicators of the OPSEC Plan to review at the ISC or facility. Contact all of the applicable DOE Program Office Managers to request participation in the preparation of the Local Threat Statement.
4. Reviewing and Approving Shipper/Receiver Agreements	Reviewing Facility Inventory Difference Data. Reviewing and Approving of Shipper/Receiver Agreements
5. Reviewing Significant Shipper/Receiver Differences	Reviewing Facility Inventory Difference Data. Reviewing Significant Shipper/Receiver Differences
6. Establishing and Updating Nuclear Material Project Numbers	Establishing and Updating Nuclear Materials Project Numbers
7. Submitting Nuclear Materials Inventory Assessments	Submitting Nuclear Materials Inventory Assessment
8. Identifying and Facilitating Classification Documentation	Receive requests for review of documentation that may be classified or otherwise sensitive in a secure manner. Review proposed communication and determines if it warrants protection as classified (UCNI, ECI or OUO) per the applicable DOE Order and/or classification guide(s). Conduct Oversight (appraisals of contractors and self assessments) in accordance with DOE O 475.2A, Identifying Classified Information, and submit the Oversight information to the Director, Office of Classification (HS-60). Receive CSCS Form and description of contract activities from FOCI/FDAR Coordinator for assignment of appropriate classification guide(s). Assign appropriate classification guide(s), sign the CSCS Form as CO and return it to the FOCI/FDAR Coordinator.

3.0 Exhibits/Forms

Shipper/Receiver Difference Assessment

Shipper/Receiver Measurement Requirements

Classified Matter Protection and Control (CMPC) Points of Contact

Example Letter and Memo of Appointment of Contractor Incidents of Security Concern (IOSC) Point of Contact (POC)

Local [Site Specific] Threat Statement (Example)

Example of Operations Security Plan

Material Balance Sheet by Facility -- Nuclear Materials Management and Safeguards System (NMMSS) Report (Example)

Example of the Nuclear Materials Inventory Assessment (NMIA) Memorandum & Guidance

Example of Ending FY 20XX Nuclear Material Inventory Assessment (NMIA) Guidance

DOE F 470.1, Contract Security Classification Specification (CSCS)

DOE F 471.1, Security Incident Notification Report

DOE F 5639.3, Report of Security Incident/Infraction

DOE/NRC F 742, Material Balance Report

Subject Area Indicators and Key Word List for Restricted Data and Formerly Restricted Data

Use of Nuclear Materials Project Numbers

4.0 Related Information

For Local Implementing Procedures, see site-specific documentation
DOE‑STD‑1194‑2011, Nuclear Material Control and Accountability
Designation Letter (SC-CH), from Andrew P. Weston-Dawkes, Director, Office of Classification, Office of Health, Safety, and Security, to Howard G. Filler, Classification Officer, Chicago Office, titled, "Appointment as Office of Science Program Classification Officer for SC Headquarters and Chicago Facilities and Other Classification Officer Responsibilities," dated 09/27/2011
Designation Letter (SC-OR) from Andrew P. Weston-Dawkes, Director, Office of Classification, Office of Health, Safety, and Security, to Lawrence M. Sparks, Classification Officer, Oak Ridge Office, titled, "Appointment as Office of Science Program Classification Officer for Oak Ridge Facilities and Realignment of Oak Ridge Office Classification Officer's Responsibilities," dated 09/27/2011
Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems
NIST SP 800-30, Risk Management Guide for IT Systems
NIST SP 800-34, Revision 1, Contingency Planning Guide for Federal Information Technology Systems
NIST SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST SP 800-40, Version 2, Procedure for Handling Security Patches
NIST SP 800-47, Security Guide for Interconnecting Information Systems
NIST SP 800-50, Building an Information Technology Security Awareness and Training Program
NIST SP 800-53, Cyber Security Self Assessment Guide
NIST SP 800-59, Guide for Mapping Information and Information Types to Security Objectives and Risk Levels
NIST SP 800-61, Revision 2, Computer Security Incident Handling Guide
NIST SP 800-64, Revision 2, Security Consideration in the Information System Development Life Cycle
NIST SP 800-65, Integrating Security into the Capital Planning and Investment Controls Process
NIST SP 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist
NIST SP 800-73-2, Interfaces for Personal Identity Verification
NIST SP 800-76-1, Biometric Data Specification for Personal Identity Verification
Nuclear Materials Management and Safeguards System (NMMSS) (Classified System)
Nuclear Materials Management and Safeguards System (NMMSS) User Guide
Safeguards and Security Policy Information Resource Web site

5.0 Requirements

Document	Title	Requirement Decision Record
10 CFR 1046	Physical Protection Of Security Interest	Completed
DOE M 142.2-1	Manual For Implementation Of The Voluntary Offer Safeguards Agreement And Additional Protocol With The International Atomic Energy Agency	Completed
DOE O 142.2A	Voluntary Offer Safeguards Agreement And Additional Protocol With The International Atomic Energy Agency	Completed
DOE O 410.2	Management of Nuclear Materials	Completed
DOE O 457.1	Nuclear Counterterrorism	Completed
DOE M 457.1-1	Control Of Improvised Nuclear Device Information (Official Use Only)	Completed
DOE P 470.1A	Safeguards and Security Program	Completed
DOE O 470.3B	Graded Security Protection Policy	Completed
DOE O 471.1B	Identification and Protection of Unclassified Controlled Nuclear Information	Completed
DOE O 471.3, Admin. Change 1	Identifying and Protecting Official Use Only Information	Completed
DOE M 471.3-1, Admin. Change 1	Manual for Identifying and Protecting Official Use Only Information	Completed
DOE O 473.3	Protection Program Operations	Completed
DOE O 475.2A	Identifying Classified Information	Completed
DOE O 5670.1A	Management And Control Of Foreign Intelligence	Completed
DOE CG-SS-4, Change 6	Classification and UNCI Guide for Safeguards and Security Information (Official Use Only)	Completed
NISP	National Industrial Security Policy	Completed

6.0 Definitions

Definitions.

This is not the online OFFICIAL SCMS COPY of this file. Before using this printed copy, verify that it is the most current version by checking the Last Major Revision and Last Minor Revision dates (at the bottom of each document) on the SCMS Web site.

This is the online OFFICIAL SCMS COPY of this file. Before using a printed copy, verify that it is the most current version by checking the Last Major Revision and Last Minor Revision dates (at the bottom of each document) on the SCMS Web site.

SCMS Home Page | Revision History | Subject Area Definitions

Send a question or comment to the SCMS Help Desk.
Disclaimer

Filename: /OrbitSearch/SubjArea/FO/FO_SA.cfm
Last Major SCMS Revision: 03/31/2008