3. Scope and Applicability. This order applies to all GSA employees and visitors to a GSA-controlled SCIF. This Order does not apply to other organizations that have entered into agreements with GSA to use an GSA-controlled SCIF, except as expressly provided in those agreements. And all this takes time. Co-use agreements are usually coordinated between the security office of the item that sponsored the host SCIF and the security office of the winning or tenant item. For example, if a company has an NGO-accredited SCIF but wants the SCIF to support an NGA program, the NGA Security Office will work with the NGO Security Office to ensure that all NGA regulations on SCIF are met. After a full review, including reconciliation of any waivers, the NGA Security Office will approve the NGA`s work to be carried out in the NGO-accredited SCIF under the terms of a defined co-use agreement. (c) ensure adequate accreditation of all equipment and systems and the completion and maintenance of the user contract documentation; (6) Directs the Emergency Operations Center (EOC) at GSA Headquarters, which is composed of guard officers who: Visitors – Any person not informed by sci or non-GSA employee. You should make targeted contact with the host`s security offices and hardening elements as soon as program-specific security requirements can be identified.
Depending on the existence and nature of the derogations, the process can be long and complex. Early and continuous coordination will slightly but significantly increase the likelihood of a SCIF COGESTion. SUBJECT: Sensitive Compartmentalized Information Facility (FRIC) Use of a Sensitive Compartmentalized Information Facility (FRIC) – An accredited area, room, group of rooms or facility in which sensitive information may be stored, used, discussed and/or processed electronically, in which procedural and physical measures prevent the free access of persons, unless they have been formally designated for specific sensitive information informed to use or store in the possibility of sensitive subdivided information. (1) comply with the provisions of this Regulation and, where applicable, with the individual standard operating procedures of the SCIF and the provisions of the approved SCIF emergency action plan; a) receive/manage/reserve all requests for termination of the Central Unit`s FISM; GSA-Controlled Sensitive Compartmentalized Information Facility (SCIF) – Any SCIF that occupies and/or manages the GSA. Classified information – information the unauthorised disclosure of which is determined by a classification authority of origin which can reasonably be expected to be injurious to national security, including defence against transnational terrorism, and which the origin classification authority is able to identify or describe the damage. Classified information can be protected at one of three levels of secrecy: Top Secret, Secret or Confidential. 2. Background. The following authorities include the protection of facilities, personnel and classified information in FIS controlled by the GSA. This list of authorities is not exhaustive, but represents the main reference documents: (4) Reporting and investigating any suspected security incidents or breaches within FIS controlled by the GSA. Visit Access Request – A letter or request for authorization that must be addressed to the Personnel Security Bureau to verify an individual`s level of release and/or if they are notified in sci before classified information can be shared with them.
Co-use of THE SCIF promotes efficiency and increases competition. It uses an existing IC facility to increase the overall capacity of the mission, and it increases the pool of eligible competitors for a particular program. It allows innovative small businesses to compete for work from which they would otherwise be excluded. Of course, small businesses are eager to encourage scif sharing. Note: If the visitor is an uninformed non-GSA sci employee, the visitor must be under the constant visual supervision of the host/attendant for the duration of the visit. Incidents involving inappropriate accompaniment when entering a visitor into the SCIF must be reported immediately to the SSM. 1. Leads the management, administration and oversight of the CIS security program in accordance with the policies and procedures of the Office of the Director of the National Intelligence Service for the Protection of Classified Information, intelligence services, and intelligence sources and methods. (b) Verify access to the approved ICS through the GSA Personnel Security Office for any person requesting the implementation of classified information in the SCIF; (c) conduct daily communication readiness reviews to ensure that classified systems are operational; and all visitors must remain outside the ICS entry area until their authorizations have been verified by the GSA EOC or SSM via the GSA ICS Access List or the GSA Personnel Security Office (for individuals who are not notified by the SCI). The SSM is the only official channel and point of contact for sending successful/received SCI access confirmations to visitors from non-GSA employees. The SSM verifies eligibility via a visit access request form. The following access control procedures must be followed.
e. ICD 701, „Unauthorized Disclosure of Classified Information,“ December 22, 2017. (5) Creates, updates and implements THE SICF Visitor Access Logs, as required by Appendix A: Visit Access Logs. According to the requirements of the mission, there are now derogations, both when the uniform security requirements cannot be met and if they need to be exceeded. See ICS 705-1(H)(a)—(b) general. Today`s accredited RIS therefore differ considerably in terms of compliance with „uniform“ requirements; some meet them, others surpass them, and others fail. The provisions of this Ordinance shall not be construed as affecting or impeding the legal powers or independence of the Inspector General of the GSA or the Civil Committee for Contract Complaints. SCI Informed – The first instructions regarding the uniqueness of SCI, its unusual sensitivity and the special security rules and practices for its handling given to anyone whose access is approved prior to exposure. 4. Policy. FIS controlled by the GSA is the responsibility of the GSA`s Mission Assurance Office (AMO).
This ordinance provides security guidance for accessing, securing and storing classified information and documents in FIS controlled by the GSA. The use, discussion and storage of classified information and documents may only be handled by a person with an appropriate security clearance, a need to know the information and within a GSA-controlled SCIF. Appendix A: Visit the access logs Appendix B: Terms and definitions But there was a trap. Despite the DNI`s best intentions, RIS – like costumes – are not a „one size fits all“. A little sewing is always necessary. As a nice IC program manager recently explained to me, „We each have different requirements because of the work we do.“ Thus, the original ICD provided for a narrow exception: in the presence of indefinite „extraordinary circumstances“, uniform security requirements can be removed. In a short period of time, the diversity and complexity of the various IC programs have given rise to various derogations. Soon the exception would swallow the rule.
.