NATIONAL SECU INFORMATION MANUAL - United States Department of

Departmentof Health andHuman Services

NATIONAL SECUINFORMATION MANUAL

HHS Transmittal 92.01National Security Information ManualIssue Date: March 20, 1992

Page 1

Material Transmitted

National Security Information Manual (in its entirety)

Material Superseded

This supersedes the prior HEW Security Manual, issuedJune 25, 1975, in its entirety.

Backqround

Most of the guidance in the 1975 Security Manual is obsolete.Information dealing with personnel security policy andprocedures was superseded by HHS Personnel Instruction 731-1,dated August 4, 1988. The President issued Executive Order12356 on April 2, 1982, prescribing a uniform system forclassifying, declassifying, and safeguarding nationalsecurity information. This Order also created the InformationSecurity Oversight Office (ISOO) which subsequently issued animplementing directive to agencies on the control and safe-guarding of classified national security information. Thismanual incorporates the Executive Order and IS00 requirementsinto HHS policy and provides specific guidance to those HHSemployees and contractors who have security clearances foraccess to national security information.

Filins Instructions

Replace the entire obsolete 1975 HEW Security Manual withthe current National Information Security Manual.

IAssistant Secretary for

Personnel Administration

Distribution: MS.HRF-119

Manual PlanNational Security Information ManualHHS Transmittal 92.01

Page 1

Subject: NATIONAL SECURITY INFORMATION MANUAL

SCOPE AND ORGANIZATION

This manual provides specific guidance regarding classifying,declassifying, controlling, and safeguarding national securityinformation. The manual addresses all aspects of the handlingof national security information from the time the informationis classified to the destruction of the information. While thenational-security information is in possession of a HHS employeeor contractor, various people have responsibilities for controllingand safeguarding it. This manual specifically indicates thoseresponsibilities and provides detailed procedures to be followedwhen handling classified information.

National security information, also referred to as classifiedinformation, is treated very differently from other types ofsensitive and official government information. Those individualswith security clearances should use this manual to guide theiractions when dealing with classified information. This manual alsoprovides security awareness guidance and sets forth certain foreigntravel and contact requirements.

Throughout this manual references are made to specific HHS orStandard Forms. To allow for easy reference to them, copies aregrouped together and included in the final chapter entitled,"Exhibits".

ISSUANCE MANAGEMENT

Although this manual covers security requirements and procedures,nothing in this manual is classified or sensitive so it should beshared with anyone needing guidance in this subject manner. Thismanual should be maintained in any office where classified materialis kept or where classified information is handled.

Table of ContentsNational Security Information ManualHHS Transmittal 92.01

Page i

HHS National Security Information Manual

TABLE OF CONTENTS

CHAPTER l-00 - SAFEGUARDING NATIONAL SECURITY INFORMATION -GENERAL PROVISIONS

Purpose .............................................. 1-00-00Authority ................................ ..- .......... l-00-05Policy ............................................... l-00-10Applicability ........................................ l-00-15References ........................................... l-00-20Definitions .......................................... l-00-25Responsibilities ..................................... l-00-30Reporting a Security Incident ........................ l-00-35Administrative and Criminal Sanctions ................ l-00-40Reporting Requirements ............................... l-00-45Suggestions .......................................... l-00-50

CHAPTER 2-00 - CLASSIFICATION

Purpose .............................................. 2-00-00Original Classification .............................. 2-00-05Duration of Classification ........................... 2-00-10Derivative Classification ............................ 2-00-15Classification Guides ................................ 2-00-20

CHAPTER 3-00 - DECLASSIFICATION AND DOWNGRADING

Purpose .............................................. 3-00-00Declassification and Downgrading Authority ........... 3-00-05Mandatory Review for Declassification ................ 3-00-10

Page iiTable of ContentsNational Security Information ManualHHS Transmittal 92.01

CHAPTER 4-00 - MARKING DERIVATIVELY CLASSIFIED DOCUMENTS

Purpose ..............................................Identification and Markings ..........................

CHAPTER 5-00 - ACCESS AND DISSEMINATION

Purpose ..............................................

Security Clearance and Access ........................Administrative Downgrade or Withdrawal of Access .....Restrictions .........................................Dissemination of other Agency Information ............Dissemination of DHHS Information ....................Access by Foreign Nations, Foreign Governments, and

International Organizations ........................

CHAPTER 6-00 - CUSTODY, ACCOUNTABILITY AND REPRODUCTION

Purpose ..............................................Custody of Classified Information ....................Accountability of Classified Information .............Production and Reproduction of Classified Information.

4-00-004-00-05

5-00-005-00-055-00-105-00-155-00-20S-00-25

5-00-30

6-00-006-00-056-00-106-00-15

CHAPTER 7-00 - STORAGE

Purpose .............................................. 7-00-00Policy ............................................... 7-00-05Standards ............................................ 7-00-10Storage of Top Secret Information .................... 7-00-15Storage of Secret and Confidential Information ....... 7-00-20Combinations to Security Containers .................. 7-00-25Relocation of Security Storage Containers ............ 7-00-30Restrictions on Use of Storage Containers ............ 7-00-35Safe or Cabinet Security Record ...................... 7-00-40

CHAPTER 8-00 - TRANSMISSION

Purpose .............................................. 8-00-00Transmittal Outside DHHS Building .................... 8-00-05Transmittal Within DHHS Building ..................... 8-00-10Receipt for Classified Information ................... 8-00-15Accountability Procedures Prior to Transmission ....... 8-00-20Methods of Transmission .............................. 8-00-25Hand-Carrying Classified Information ................. 8-00-30

Page iiiTable of ContentsNational Information Security ManualHHS Transmittal 92.01

CHAPTER 9-00 - DISPOSAL AND DESTRUCTION

Purpose . . ..*......................................... 9-00-00Disposal of Classified Information . . . . . . . . . . . . . . . . . . . g-00-05Destruction of Classified Information . . . . . . . . . . . . . . . . 9-00-10Emergency Protection, Removal, and Destruction . . . . . . . g-00-15

CHAPTER lo-00 - SECURITY AWARENESS, CONTACT WITH CERTAIN FOREIGNNATIONALS, AND FOREIGN TRAVEL

Purpose .............................................Security Awareness and Reporting Contact with Certain

Foreign Nationals .................................Travel Requirements .................................Designated Countries ................................

10-00-00

10-00-0510-00-1010-00-15

CHAPTER 11-00 - OTHER SPECIAL SECURITY PROGRAMS

Purpose .............................................Policy ..............................................Communications Security (COMSEC) and Secure Voice ...North Atlantic Treaty Organizations (NATO) ..........Special Access Programs .............................

11-00-0011-00-0511-00-1011-00-1511-00-20

CHAPTER 12-00 - EXHIBITS

HHS 25 Classified Document Receipt ................. 12-00-AHEW 207 Request for Security Clearance .............. 12-00-BHHS 208 Classified Document Accountability Record ... 12-00-cSF 312 Classified Information Nondisclosure Agreement 12-00-DSF 700 Security Container Information .............. 12-00-ESF 701 Activity Security Checklist ................. 12-00-FSF 702 Security Container Checklist ................ 12-00-GSF 703 Top Secret Cover Sheet ...................... 12-00-HSF 704 Secret Cover Sheet .......................... 12-00-ISF 705 Confidential cover Sheet ..................... 12-00-J

.

GlossaryNational Information Security ManualHHS Transmittal 92.01

Page iv

AISARFCOSASPERCCFRCOMSECCUSRDECL/DGE.O.FBIFOIAGSA10sIS00LCOLCPNATONSANSDDOADROPDIVOPSPASDDSSTAFFDIVTSUU.S.C.USPSUSSAN

GLOSSARY OF ACRONYMS AND ABBREVIATIONS

Automatic Information SystemsArmed Forces Courier ServiceAssistant Secretary for Personnel AdministrationConfidentialCode of Federal RegulationsCommunications SecurityCentral United States RegistryDeclassification/DowngradingExecutive OrderFederal Bureau of InvestigationFreedom of Information ActGeneral Services AdministrationImmediate Office of the SecretaryInformation Security Oversight OfficeLogging Control OfficerLogging Control PointNorth Atlantic Treaty OrganizationNational Security AgencyNational Security Decision DirectiveOriginating Agency's Determination Required *Operating DivisionOffice of Personnel Services, ASPERPrivacy ActPersonnel Security and Drug Testing Program DivisionSecretStaff DivisionTop SecretUnclassifiedUnited States CodeUnited States Postal ServiceUnited States Security Authority for NATO Affairs

TSCO Top Secret Control Officer

HKS Chapter l-00National Security Information ManualHHS Transmittal 92.01

Page 1

Subject: SAFEGUARDING NATIONAL SECURITY INFORMATION -GENERAL PROVISIONS

1-00-00 Purpose05 Authority10 Policy15 Applicability20 References25 Definitions30 Responsibilities35 Reporting a Security Incident40 Administrative and Criminal Sanctions45 Reporting Requirements50 Suggestions

1-00-00 PURPOSE

The National Security Information Manual is the officialDepartmental medium for providing policy and proceduralguidance to the Department of Health and Human Services(DHHS) employees and contractors who have access toclassified national security information. This manualprescribes policy and responsibility for handling andsafeguarding national security information in thepossession of DHHS. The guidance provided is to be usedmainly by those individuals who have security clearances -or have security program responsibilities. This manualis a part of the DHHS Staff Manual System.

l-00-05 AUTHORITY

Executive Order (E.O.) 12356, National Security Information,dated April 2, 1982; Information Security Oversight Office(ISOO) Directive Number 1, (32 C.F.R.2001), concerningNational Security Information, dated June 23, 1982; NationalSecurity Decision Directive (NSDD)-84, Safeguarding NationalSecurity Information, dated March 11, 1983; and NSDD-197,Reporting Hostile Contacts and Security Awareness, datedNovember 1, 1985.

l-00-10 POLICY

It is the policy of the DHHS to safeguard from unauthorizeddisclosure all national security information, also referredto as classified information, in the custody of theDepartment and its employees and contractors.

HHS Chapter l-00National Security Information ManualHHS Transmittal 92.01

Page 2

l-00-15 APPLICABILITY

A. The requirements of this manual apply to allHHS employees and contractors whose duties requireaccess to national security information.

B. Heads of OPDIVS and STAFFDIVs are authorized to issuesupplemental guidance and instructions to facilitateimplementation of the requirements of this manualwithin their divisions. A copy of each supplementissued must be furnished to the Director, Office ofPersonnel Services (CPS), Office of the AssistantSecretary for Personnel Administration (ASPER).

l-00-20 REFERENCES

A.

B.

c.

D.

E.

F.

E.O. 12356 which prescribes a uniform system forclassifying, declassifying, and safeguarding nationalsecurity information.

IS00 Directive No. 1 which implements the provisions ofE.O. 12356, and further sets forth guidance relating tooriginal and derivative classification, downgrading,declassification, and safeguarding of national securityinformation.

NSDD-84 which establishes procedures to safeguardagainst the unauthorized disclosure of national securityinformation.

NSDD-197 which requires the creation and maintenance of aformalized security awareness program designed to protectclassified, proprietary, and sensitive information fromforeign sources, whether overt or covert. NSDD-197 alSOrequires that procedures be established for employeesto report any contacts with certain individuals andforeign nationals of certain specific countries.

IS00 Briefing Booklet, undated, which provides infor-mation about the Wlassified Information NondisclosureAgreement," also known as the "SF 312."

HHS Instruction 731-1, Personnel Manual, dated August 4,1988, which provides policy and guidance on personnelsecurity and security briefings of individualsrequiring security clearances for access to nationalsecurity information.


Page 3

G. U.S. Security Authority for NATO Affairs (USSAN)Instruction l-69, dated April 21, 1982, which providespolicy and guidance for the safeguarding of NATOclassified materials.

H. National Telecommunications and Information SystemsSecurity Policy (NTISSP) No. 3, dated December 19, 1988,which was developed by the National Telecommunicationsand Information Systems Security Committee for thepurpose of preventing the loss or unauthorizeddisclosure of U.S. classified crytographic information.

I. Other classified directives and manuals of nationalsecurity agencies which provide policy and guidancefor HHS personnel who are briefed into their specialaccess programs.

l-00-25 DEFINITIONS

A.

B.

c.

D.

E.

F.

G.

Access - The ability and opportunity to obtain knowledgeof classified national security information.

Asencv - a Federal agency as defined in Title 5 U.S.C.,Section 552(e).

Comnromise - The known or suspected exposure of classifiedinformation to an unauthorized person.

Controlled Area - Any area, entry to which is subject torestrictions for security reasons.

Custodian of Classified Files - An employee who haspossession of or is otherwise charged with the respon-sibility for safeguarding or accounting for classifiedinformation.

Declassification - A determination, made by an originalclassification authority, that classified information nolonger requires, in the interests of national security,protection against unauthorized disclosure under E.O.12356 together with a removal or cancellation of theclassification designation.

Derivative Classification - A determination thatinformation is in substance the same as informationcurrently classified. The newly developed informationis marked consistent with the classified markings ofthe source material.

RRS Chapter 1-00- National Security Information ManualPage 4

HHS Transmittal 92.01

H. Downsrade - A determination made by the originatingauthority that particular classified informationreguires, in the interests of the national security,a lower degree of protection than currently provided.This determination requires changing of the classi-fication designation to reflect such lower degree ofprotection.

I. Inadvertent Access - An incident in which an employeehad access to classified information to which theemployee was not authorized.

J. Loqqinq Control Officer (LCO) - An employee responsiblefor the proper maintenance of records relating to thesafeguarding and storage, accountability, transmissionand destruction of national security information.

K.

L.

Locrsinq Control Point (LcP) - A central place within anoffice or organization where all classified informationis received, recorded, stored, transmitted or destroyed.

Multiole Sources - The term used to indicate that adocument that is derivatively classified containsclassified information derived from more than one source.

M. National Security - The national defense and/or criticalforeign relations of the United States.

N. National Security Information - Information that hasbeen determined pursuant to E.O. 12356, or anypredecessor E.O. concerning national security, torequire protection against unauthorized disclosure.National security information is also referred to asclassified information. Such information must beappropriately marked TOP SECRET, SECRET, orCONFIDENTIAL, according to contents, by an officialpossessing the original classification authority underE.O. 12356.

0. Orisinal Classification - An initial determinationthat information requires, in the interest of nationalsecurity, protection against unauthorized disclosure,together with a classification designation signifying.the level of protection required.


Page 5

P. Oriainal Classification Authority - The authorityvested in a designated executive branch official tomake an initial determination that information requiresprotection against unauthorized disclosure in the interestof national security. DBBS does p& have this authority.

Q- Personnel Security Representative (PSR) - A Seniormanagement official designated, in writing, theresponsibility for his/her organization's personnelsecurity program. PSRs maintain lists of thoseindividuals within their organization who have securityclearances and keep current information on theirorganizationrs LCPs and LCOs.

R. Security Classification Levels - National SecurityInformation is classified at one of the following threelevels:

1. g*TOP SECRET" is applied to information, theunauthorized disclosure of which could reasonablybe expected to cause exceptionally grave damageto the national security.

2. llSECRETfr is applied to information, th'e unauthorizeddisclosure of which could reasonably be expectedto cause serious damage to the national security.

3. WONFIDENTIALIQ is applied to information, theunauthorized disclosure of which could reasonablybe expected to cause damage to the nationalsecurity.

s. Securitv Clearance - An administrative determinationbased upon the results of a favorably adjudicatedinvestigation that an individual is trustworthy and maybe granted access to a specified level of nationalsecurity information as required in the performance ofassigned duties (see BBS Instruction 731-l for clearanceprocedures).

T. Snecial Access - That special compartmented category ofnational security information accessible to selectedindividuals on a must know basis. It requires a currentTop Secret clearance, a recent Special BackgroundInvestigation (SBI), specific justification to the agencyresponsible for the special access program, and a uniquesecurity briefing,

.


Page 6

u. Unauthorized Disclosure - A communication or physicaltransfer of specific classified information to a personnot authorized access to that level of classifiedinformation or not having met need-to-know requirements.

v. TOP SECRET Control Account - An approved method within anestablished LCP for the storage, receipt, and transmissionof Top Secret documents, when authorized in accordancewith section l-00-3oC.

w. TOP SECRET Control Officer (TSCO) - An official who has aTop Secret clearance and is designated in writing to beresponsible for receiving, safeguarding, controlling,accounting for, and destroying all Top Secret documentswithin the TSCO*s assigned area of responsibility.

l-00-30 RESPOlblSIBILITIBS

A. The Assistant Secretary for Personnel Administration(ASPER) is the senior Department official responsiblefor the overall implementation of E.O. 12356, IS00Directive No. 1, NSDDs-84 and 197, and similar futuredirectives. Specific responsibilities include:

1. Issuing Department guidance to implement theprovisions of E.O. 12356, IS00 Directive No. 1,NSDDs-84 and 197, and future national securityinformation directives.

2. Maintaining active oversight of the Department'sInformation Security Program for the safeguardingof national security information.

3. Making the final determination on a denial of asecurity clearance and/or access to classifiedinformation, based upon specific unfavorableinformation regarding the trustworthiness orloyalty of an HHS employee or contractor.

B. The Heads of OPDIVS, STAFFDIVS, and DEES RegionalDirectors are responsible for assuring that therequirements of this manual are implemented for theirrespective organizations. Specific responsibilities,which -can be delegated, include:

-1. Ensuring that all national security informationreceived-or handled-within their organizationsis properly safeguarded and controlled.


Page 7

2. Ensuring that classified documents which are nolonger required are properly destroyed inaccordance with chapter 9-00.

3. Designating a senior management official to serve asthe primary Personnel Security Representative (PSR)for his/her respective organization to handlenational security information responsibilities, inaddition to personnel security responsibilities.(To further handle their security responsibilities inthe Regions, OPDIVs and STAFFDIVs may designate theirown regional PSRs or may request that the PSRdesignated by the Regional Director handle certainresponsibilities for their organization.)

4. Establishing a Logging Control Point (LCP) for anymajor office or organization which needs to storeclassified information and designating, in writing, aLogging Control Officer (LCO) or a separate Custodianof Classified Files, as needed.

5. Establishing additional written procedures, asnecessary, to prevent unauthorized access to nationalsecurity information and reduce the opportunity forthe negligent or deliberate disclosure of theinformation.

c. The Director of the Office of Personnel Services (OPS)is responsible for:

1. Overseeing the development of policy and proceduresfor the Department's classified information securityprogram for the safeguarding of national securityinformation.

2. Providing consultation and advice on the classifiedinformation security program to OPDIV, STAFFDIV, andother management officials.

D. The Director, Personnel Security and Drug Testing ProgramDivision (SDD), OPS, ASPER, is responsible for:

1. Developing Department regulations to implementE.O. 12356, 1800 Directive No. 1, NSDDs-84 and197, and other similar directives.

HNS Chapter l-00National Security Information ManualHKS Transmittal 92.01

Page 8

2.

3.

4.

5.

6 .

7.

8.

9.

10.

11.

12.

D8V8lOping and publishing security education materialfor us8 by PSRS, and employees and contractors whohave been granted access to national securityinformation.

Processing r8qUir8d personnel security investigations,in accordance with the RR8 Personnel Manual, andgranting or denying security clearances to RRSemployees and contractors.

Conducting national security information programreviews, assistance visits, inspections, and SU?ZV8ySwithin HHS to ensure compliance with this manualand authorities.

Receiving reports relating to the unauthorizeddisclosure and mishandling of national securityinformation, and coordinating these, as necessary,with RRS and other Federal agency officials.

Providing security guidance and assistance to PSRsand contractors as needed or requested.

Furnishing any required reports to the Director, ISOO.

Designating a Headquarters Top Secret Control Officer(TSCO) who shall be responsible for the control andaccountability of all Top Secret documents in thecustody of the Headquarters Top Secret ControlAccount.

Approving requests for the establishment of a TopSecret Control Account and th8 assignment of a TSCO,whenever Top Secret information is routinely storedand received.

Designating a Logging Control Officer (LCO) andestablishing a Logging Control Point (LCP) toservice the Immediate Office of the Secretary.

Appointing a Subregistry Control Officer andalternate(s) to b8 responsible for the Department'sNATO Subregister.

Serving as the principle PerSOnn81 SecurityR8pr8S8ntatiV8 for the Office Of the Secretary.

BHS Chapter l-00National Security Information ManualHI-IS Transmittal 92.01

Page 9

33. Each Personnel Security Representative (PSR) has thefollowing national security information responsibilities:

1.

2.

3.

4.

5.

6 .

7.

8.

Providing security advice on the handling of classi-fied information to officials and employees of theorganization, some of whom may be designated asregional security representatives.

Ensuring that an employee or contractor has a legiti-mate need for a security clearance before signing theRequest for Security Clearance, RR8 Form 207, (seeExhibits), and forwarding it to SDD.

Conducting security inspections of all offices thatstore or handle classified information. The purposeof these inspections is to assure that office mana-gers, supervisors, and employees, who are responsiblefor classified material, are in compliance with thismanual.

Furnishing to the Director, SDD, when requested, acompleted DRHS Annual Status Report on ClassifiedNational Security Information and any other reports,as needed. '

Conducting preliminary inguiries relating to anunauthorized disclosure or loss of classifiedinformation.

Maintaining an up-to-date alphabetical list ofall employees and contractors granted clearancefor access to national security information. Thelist should include the level of clearance andthe date of the last investigation on the clearedperson.

Coordinating with Director, SDD, security mattersaffecting other Federal agencies (e.g., FEMA, DOD,and DOE access clearances).

Ensuring that initial, refresher, and terminationsecurity briefings are conducted as required bythe MIS Personnel Manual and that reguired nondis-closure agreements and debriefing acknowledgmentsare signed and returned to SOD.

Page 10HHS Chapter l-00National Security Information ManualHHS Transmittal 92.01

F. Supervisors. while certain employees may be assignedspecific security responsibilities, it is neverthelessthe basic responsibility of their supervisors to ensurethat national security information entrusted to theiremployees is safeguarded according to the policies andprocedures contained in this manual. Supervisors whoseemployees routinely handle or store classifiedinformation are responsible for taking the followingactions:

1.

2.

3.

4.

5.

6.

Assuring for the proper accountability, control,and storage of classified information as outlinedin Chapters 6-00 and 7-00.

Designating, in writing, any employees authorizedto receive and open outer and inner covers(envelopes) of security mail which is addressedto other cleared employees.

Assuring that no employee is permitted to haveaccess to classified information until it hasbeen officially determined that the employee hasbeen granted the appropriate level of securityclearance and has a bonkfide need-to-know for theinformation in the performance of his/her duties.

Assuring that the LCO, Custodian of Classified Files,and any Of their 8mplOye8S, who have been grantedaccess to classified information, are made aware ofothers in the organization (e.g., division) who havesecurity clearances and meet the U88d-to-know"requirement.

Promptly reporting any violation of securityprocedures to their PSR.

Establishing a system of security checks at theclose of each working day to assure propersafeguarding of classified information.

G. Logging Control Officer (LCO). Each LCO has thefollowing responsibilities:

1. Receiving all incoming accountable communicationscontaining classified information.

HHS Chapter l-00Nationai Security Information ManualHHS Transmittal 92.01

Page -11

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

Inspecting sealed envelopes or similar wrappingscontaining classified information for any evidenceof tampering, damage, or unauthorized disclosure.

Matching the actual contents of an incoming packageof classified material with the enclosed receipt.

Signing and returning to the sender enclosed receiptsfor classified material.

Maintaining an up-to-date Classified DocumentAccountability Record, HHS Form 208 (see Exhibits),and other documents showing disposition of classifiedmaterials.

Verifying through the PSR the security clearancelevel of recipients of classified information,including the clearance level of the Custodian ofClassified Files who will store the information.

Assuring prompt delivery of classified informationto intended recipients who have the appropriatesecurity clearance.

Handling the responsibilities of the Custodian ofClassified Files (see next page), unless there is aseparately designated Custodian of Classified Files.

Taking prompt action on any downgrading and/ordeclassification notices received and coordinatingwith PSR action taken.

Assuring that the appropriate secure method oftransmission is selected, and that the materialis properly prepared for transmission.

Designating, either orally or in writing, anemployee with a security clearance to act asa courier of classified documents and assuringthe courier is properly briefed.

Destroying any unneeded classified documents inaccordance with Chapter 9-00.

Completing an audit of classified documents andreporting that data and other information on theDHHS Annual Status Report on Classified NationalSecurity Information.

HHS Chapter l-00Nationai Security Information ManualHHS Transmittal 92.01

Page 12

H. Custodians of Classified Files. when it is consideredan absolute necessity that classified documents bestored in offices other than the LCP, separateCustodians of Classified Files shall be designated,in writing, to carry out the required duties.

Employees appointed as Custodians of Classified Filesare

1.

2.

3.

4.

5 .

responsible for:

Providing protection for all classifiedinformation entrusted to their care.

Locking classified information in approvedsecurity containers whenever it is not in useor under the direct control of an authorizedand cleared person.

Verifying the security clearance level of anyperson prior to giving that person access toclassified information.

Returning to the LCP classified materialdesignated for destruction.

Providing periodic inventory reports to the LCO.

I. Employees. My employee who obtains access to nationalsecurity information is responsible for the protectionof that information, regardless of how it was received.Employees also are responsible for reporting to theirsupervisor and/or their PSR the loss, or temporary loss,of control or possession of national security information.

Every employee or contractor who has a security clearancemust be familiar with and adhere to the provisions of thismanual. Employees whose official duties involve contactswith representatives of the public media are to ensurethat any classified information to which they may haveaccess is never divulged, under any circumstances, to themedia or other uncleared individuals (see Restrictions,Section 5-00-15).

l-00-35 REPORTING A SECURITY IBTCIDEHT

A. Any employee who has knowledge of the loss or possiblecompromise of classified information, or who discoversthat a classified document is not being properly safe-guarded, must immediately report the known circumstancesto his/her immediate supervisor and PSR. The report may

HHS Chapter l-00National Security Information Manual

Page 13


be made orally or by memorandum. This security incidentmust be immediately reported by the PSR to the Director,SDD, who will report this to the agency that originatedthe information if there is reason to believe classifiedinformation has been lost or compromised.

B. The PSR must conduct a preliminary inquiry to fullydetermine the circumstances surrounding the reportedsecurity incident. The preliminary inquiry report mustbe in writing and sent to the Director, SDD, within tenworkdays from the date of the incident, the inquiryreport must not contain any classified information,however, it should include all relevant facts concerningthe incident, including all steps taken to recover anymissing classified documents.

c. The agency that originated the classified informationmust be promptly notified by the Director, SDD, of theloss or possible compromise, after relevant facts aregathered, so that a damage assessment can be conductedand measures are taken to negate or minimize any adverseeffect pf the compromise.

D. Normal due process procedures must be followed wheneveran administrative action is contemplated against any HHSemployee or contractor believed responsible for thecompromise of classified information. Whenever aviolation of criminal law appears to have occurred, theagency responsible for the damage assessment willcoordinate with the Department of Justice to determinewhether there will be criminal prosecution.

E. If there is no loss or possible compromise orunauthorized disclosure of classified information, thereport of preliminary inquiry will be sufficient toresolve any procedural infraction, and when appropriate,support the taking of any administrative action. Aprocedural infraction is an incident which involves themisuse or improper handling of classified informationwhere the action does not result in a possible compromiseof classified information.

F . Additional procedures may be required when reportinga security incident involving special access programmaterials. The Director, SDD, will provide thoseprocedures and coordinate that inquiry.


Page 14

l-00-40 ADHIRISTRATIVR AND CRIMINAL SARCTIORS

A. HHS employees may be subject to various administrativesanctions, including reprimand, termination of securityclearance, or suspension or termination of employment,as appropriate, if they:

1. Refuse to cooperate in the conduct of a pre-liminary inquiry or formal investigation regardinga national security issue.

2. Knowingly, willfully, or negligently cause anunauthorized disclosure of classified information.

3. Display a lack of security responsibility relatingto the proper handling and safeguarding of nationalsecurity information.

B. In addition to the administrative sanctions stated above,criminal sanctions may also be imposed. HHS employeesmay be subject to criminal sanctions as described underSections 641, 793,. 794, 798, and 952 of Title 18, U.S.C.,Section 783 (b) of Title 50, U.S.C. or other appropriatestatutes. Such sanctions may include penalties of upto $10,000 fine, or imprisonment for ten years, or both(refer to 1800 Briefing Booklet).

l-00-45 RRPCRTIRG RRQUIRRHRXTS

PSRs are responsible within their respective organizationsfor the submission of an annual National Security InformationData Report to the Director, SDD. The format for the reportwill be furnished to the PSRs by the Director, SDD, typicallynear the end of each fiscal year, to request data needed foroversight responsibilities. Some of the data requested isused to report to IS00 and other agencies with nationalsecurity responsibilities.

l-00-50 SUGGESTIOHS

Suggestions about the HHS National Security InformationProgram, as set forth in this manual, should be directedin writing to the Director, OPS. Suggestions for programimprovement may be discussed with the Director, SDD, atany time.

HHS Chapter 2-00Ntaional Security Information ManualHHS Trasmittal 92.01

Page 15

Subject: CLASSIFICATION

2-00-00 Purpose05 Original Classification10 Duration of Classification15 Derivative Classification20 Classification Guides

2-00-00 PURPOSE

This chapter tells how to classify information whichrequires protection in the interest of national security.

2-00-05 ORIGIXAL CLASSIFIC!ATIO~

A. No official of the DEBS is authorized under E.O.12356 to originally classify information asTOP SECRET, SECRET, or CONFIDENTIAL. However, ifin an evolving sensitive situation any employeeoriginates or develops national security informationwhich is believed to require original ClasSification,that employee must safeguard the information in themanner prescribed by Chapter 7-00. The informationmust be promptly transmitted to the Director, SDD, inthe manner provided by Chapter 8-00, unless adviseddifferently by the Director, SDD. The Director, SDD,must contact IS00 for guidance on further steps todetermine if the information is classifiable.

B. Under no circumstances shall information be consideredfor classification to conceal violations of law,inefficiency, or administrative error; to preventembarrassment to a person, organization, or agency; torestrain competition; or to prevent or delay therelease of information that does not require protectionin the interest of national security. Basic scientificresearch information not clearly related to thenational security shall not be considered forclassification.

2-00-10 DURATION OF CLASSIFICATION

A. Information shall be classified as long as required bynational security consideration. such determinationsshall only be made by the original classificationauthority.

HHS Chapter 2-00National Security Information ManualHHS Transmittal 92.01

Page 16

B. Documents classified by other agencies under predecessorE.0.s that are marked for automatic downgrading orautomatic declassification on a specific date or eventshall be downgraded and declassified according to theinstructions on the face of the documents.

c. Documents, classified by other agencies under predecessorE.O.s, that are not marked for automatic downgrading ordeclassification on a specific date or event must not bedowngraded or declassified without authorization, inwriting, from the original classification authority.

2-00-15 DRRIVATIVR CLASSIFICATIOR

A.

B.

c.

D.

Derivative classification is (1) the determination thatinformation is, in substance, the same as informationcurrently classified, and (2) the application of thesame classification markings. Employees who onlyreproduce, extract, or summarize classified information,or who apply classification markings derived fromsource material, or as directed by a classificationguide, need not possess original classificationauthority.

The application of derivative classification markingsis a responsibility of those who incorporate, paraphrase,restate, or generate in new form, information that isalready classified by an authorized originalclassification authority, or in accordance with anauthorized classification guide.

The overall classification markings and portion(paragraph) markings of the source document shouldsupply adequate classification guidance to the personmarking the extraction. If portion markings orclassification guidance are not found in the sourcedocument, and no reference is made to an applicableclassification guide, guidance must be obtained fromthe originator of the source document.

Employees who are authorized to apply -derivativeclassification markings must:

1. Be .designated,. in writing, by the supervisor whohas responsibility for the classified information,

.-and possess the Lappropriate level of securityclearance. A copy of the designation shall be-furnished to-the PSR and Director, SDD.

HHS Chapter 2-00National Security InformationHHS Transmittal 92.01

Manual

2. Respect and comply with the classification

Page 17

decisions reflected in the source document orclassification guide.

3. Carry forward to newly created documents themarkings and information prescribed by Section4-00-05.

4. Maintain a copy of the source document orpertinent identifying information from thesource document with the record or file copyof the derivatively classified document.

2-00-20 CIASSIFICATIOR GUIDES

A classification guide is written guidance that is issued byan official exercising original classification authority overparticular programs, projects, or classes of documents. Theprimary purpose of a classification guide is to ensure thatproper and uniform classification markings are applied toderivatively classified information.


Page 18

Subject: DECLASSIFICATION AND DOWNGRADING

3-00-00 Purpose05 Declassification and Downgrading authority10 Mandatory Review for Declassification

3-00-00 PURPOSE

The purpose of this chapter is to provide guidance relatingto the declassification and downgrading of information whichwas originated by other agencies and predecessor DHESagencies who had original classification authority underprior Executive Orders.

3-00-05 DECLASSIFICATIOH AND DOWHGRADIl?G AUTHORITY

A. Classified information originated by other agenciesshall only be declassified and downgraded by theofficial of the originating agency who authorized theoriginal classification, if that official is stillserving in the same position; by a successor; or by asupervisory official of either.

B. All classified documents originated by a DHHSpredecessor agency and being retained for someofficial reason, may be declassified by the Director,SDD, following the coordination with the IOS, OPDIV,or STAFFDIV that has subject matter interest in thedocuments. If it is determined that some informationmeets the current criteria of Section 2-00-10, orthere is some doubt concerning its classification,the information must be promptly transmitted in themanner required by Chapter 8-00, to the Director, SDD,for review and transmittal to an agency that hasappropriate subject matter interest and originalclassification authority. That agency shall decidewhether to declassify, upgrade, downgrade, or toextend the initial classification level of the document.

C. PSRs of each organization should require the annualreview of all classified documents in theirpossession and control to identify documentswhich require declassification, downgrading, ordestruction. This review should be accomplishedprior to completion of the DHHS Annual Status Reporton Classified National Security Information.

Page 19HHS Chapter 3-00National Security Information ManualHHS Transmittal 92.01

The following review guidelines shall be followed:

1. All o1d and obsolete classified documents whichhave served their purpose must be destroyed inthe manner prescribed by Chapter 9-00.

2 . All classified documents originated by anotheragency# as most are, and being retained forsome official reason, should be reviewed fordeclassification and downgrading in accordancewith the specific instructions contained on thecover or first page of the documents. If thereare no specific instructions, the originator ofthe documents should be requested to provide thenecessary information.

3-00-10 MANDATORY RRVIRW FOR DECLASSIFICATIOR

A. Classified information originally classified by theDHHS predecessor agencies, under prior E.O.s, must bereviewed for declassification upon receipt of a written. request by a U.S. citizen or permanent resident alien,a Federal agency, or a state or local government. Forrelease of the information, a valid request need notidentify the requested information by date or title,but must be of sufficient particularity to allow HHSemployees to locate the information sought with areasonable amount of effort. Requests should besubmitted to the Director, SDD.

B. The Director, SDD, will coordinate the request withthe office in charge of Freedom of Information (FOI)/Privacy Act(PA) requests, Office of the AssistantSecretary for Public Affairs, in an attempt to locatethe requested classified information. Responses torequests shall be governed by the amount of search andreview time required to process the request. However,in the interest of being responsive to such requests,the 106, STAPFDIV or OPDIV office which has primaryinterest in the subject matter must be contacted in anattempt to locate and review the requested information.Results of the review, including recommendations anda copy of the requested information, or a request foradditional time, must be furnished to the Director,SDD. E.O. 12356 requires that agencies make a finaldeclassification determination within one year fromthe date of receipt except in unusual circumstances.


Page 20

C. The IOS, STAFFDIV, or OPDIV office should make aprompt recommendation to the Director, SDD, for therequested information or portions to.be declassified.When the requested information cannot be declassifiedin its entirety, reasonable efforts shall be made torelease those declassified portions that constitute acoherent segment. If the information may not bereleased in whole or in part, the action office mustprovide the reasons for denial. When the classificationof the requested information is a derivative decision. based on classified source material of another agency,the information must be provided to that agency forreview and comment.

D. Upon receipt of the declassification review recommen-dation, the Director, SDD, must make the declassifi-cation determination after contacting the originatingagency, when necessary, and furnish any declassifiedinformation to the office handling FOI/PA requests fora determination regarding release of the information.

E. Declassification of all or any information must beaccomplished by the Director, SDD, by marking it toreflect the change as well as the authority for, anddate of, the declassification action. If the requestfor declassification is denied, in whole or in part,the Director, SDD, must notify the requestor of theinformation of the right to appeal the determinationwithin 60 days of receipt of the denial.

F. A reguestor may appeal to the ASPER when the requestedinformation is not declassified and released in whole.Appeal review procedures are as follows:

1. The ASPER shall normally make a determinationwithin 30 work days following the receipt ofan appeal. If additional time is required tomake a determination, the ASPER shall notify therequestor of the additional time needed and providethe requestor with the reason for the extension.If continued classification of the information isrequired, the ASPER shall notify the requestor inwriting of the final determination and of the reasonfor any denial.


Page 21

2. During the appeal review,.the ASPER may overruleany previous determination in whole or in partwhen, in his/her judgment, continued protection ofinformation is no longer required in the interestof the national security. If the ASPER determinesthat the information no longer requires classi-fication it shall be declassified and, unless itis otherwise exempt from disclosure under theFOIA/PA, released to the requestor. The ASPERshall advise the original DHHS reviewing office of

* his/her decision.

HHS Chapter 4-00Nationai Security Information ManualHHS Transmittal 92.01

Page 22

Subject: MARKING DERIVATIVELY CLASSIFIED DCCUMENTS

4-00-00 Purpose05 Identification and Markings

4-00-00 PUEPCSE

This chapter provides specific guidance for markingdocuments containing derivatively classified information.

4-00-05 IDENTIFICATIORI AND MAREINGS

A. Classified information must be marked at the time oforiginal classification to inform and warn the holderof the information about its sensitivity. An officialwho exercises original classification authority underE.O. 12356 is responsible for ensuring that the properclassification markings are applied. These markings arealso applied to derivatively classified documents whensuch action is taken in accordance with Section 2-00-20.

B. Derivatively classified documents shall be marked asfollows:

1. The highest level of security classification (TOPSECRET, SECRET, or CONFIDENTIAL), extracted from asource document or determined from an originatingagency's classification guide, must be marked orstamped at the top and bottom on the front cover(if any) 8 on the title page (if any), on the firstpage t and on the outside of the back cover or page.

2. Each interior page must be marked at the top andbottom according to the highest classification ofthe extracted information, i.e., TOP SECRET, SECRET,CONFIDENTIAL, or UNCLASSIFIED.

3. Each section, part, paragraph, subparagraph, orsimilar portion of a derivatively classifieddocument must be marked to show the level ofclassification assigned to the specificinformation.

.

_ . --

HHS Chapter 4-00Nationai Security Information ManualHHS Transmittal 92.01

Page 23

4. The following information shall also be broughtforward and reflected on the face of aderivatively classified document.

a. Classification Authoritv. The "CLASSIFIED BY"line must show a description of the sourcedocument or classification guide. If adocument is derivatively classified on thebasis of more than one source document orclassification guide, the "Classified By"line shall contain the notation "CLASSIFIEDBY MULTIPLE SOURCES." In these casesthe derivative classifier shall maintainthe identification of each source with thefile or record copy of the derivativelyclassified document. A document derivativelyclassified on the basis of a source document thatis marked "CLASSIFIED BY MULTIPLE SOURCES" mustcite the source document in its WLASSIFIED BY"line rather than the term "MULTIPLE SOURCES."For example, CLASSIFIED BY: JCS-J3, orCLASSIFIED BY: Department of State MCNooooo/ooooo. The MCN (Message Control Number)is cited at the top of each message/cable.

b. Declassification and Downuradinq Instructions.

Dates or events for automatic declassificationor downgrading, or the notation "OADR"(Originating Agency's Determination Required)to indicate that the document is not to bedeclassified automatically, must be carriedforward from the source document, or asdirected by a classification guide, and shownon the "DECLASSIFY ON" line.

C. Transmittal Documents

1. A transmittal document shall be marked to showthe highest level of classification of thederivative information contained in thetransmittal itself, if applicable, and in thematerial attached. A transmittal documentwhich does not contain classified information_ shall-be-marked with the highest level ofclassification of the attachments. The markingshall appear at the,top and bottom, of the firstpage only. In. addition to the classificationmarking, type the statement, "UNCLASSIFIED WBEN

KHS Chapter 4-00National Security Information ManualHHS Transmittal 92.01

Page 24

CLASSIFIED ATTACHMENT IS REMOVED,@~ at the bottommargin of the first page.

2. A transmittal document containing derivativelyclassified information shall be marked in themanner prescribed by Section 4-00-05 above, andcontain a legend showing the classification ofthe transmittal document standing alone. Forexample, if the removal of the transmittalmaterial will change the classification of thetransmittal document itself, it shall be marked:UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS(enter highest classification of informationcontained in the transmittal document).

BBS Chapter 5-00National Security Information ManualHHS Transmittal 92.01

Page 25

Subject: ACCESS AND DISSEMINATION

5-00-00 Purpose05 Security Clearance and Access10 Administrative Downgrade or Withdrawal of Access15 ReStriCtiOnS20 DiSS8minatiOn of Other Agency Information25 DiSS8minatiOn of DEES Information30 Access by Foreign Nationals, Foreign

GOVermentS, International Organizations

5-00-00 PURPOSE

This chapter provides general guidance for granting accesst0 Classified infOrJILatiOn.

5-00-05 SECURITY CLEARAN CE AND ACCESS

A. An 8mploy88 is eligible for access to classifiedinformation provided the 8IUplOy88 has b88n det8lZlnin8dto be trustworthy and access is essential to theaccomplishm8nt of lawful and authorized Governmentpurposes. The Director, SDD, is responsible forprocessing personnel security investigations andthe granting of security clearances. A need foraccess to classified information must be demon-strated before a R8gU8St For Security Clearance,HI-IS Form 207, can be initiated. The numb8r Of8mplOy88S Cleared and granted access t0 classifiedinformation must be maintained at the minimum numberthat is consistent with operational requirementsand needs.

B. No one has a right to have access to classifiedinformation solely by virtue of title, position,or level of security clearance. The finalresponsibility for determining whether theindividual has been granted the level of Securityclearance needed, and Whether an individual requiresaccess to classified information, rests with theindividual who has possession, knowledge, orcontrol of the classified information, and not uponthe prospective recipient. Verification of a securityclearance may be mad8 through the individual'sPSR or the Director, SDD.

HHS Chapter S-00National Security Information ManualHHS Transmittal 92.01

Page 26

c. In addition to a security clearance, a person musthave a need-to-know the classified information inconnection with the performance of official duties.Persons who disclose classified information mustadvise recipients of the classification level ofthe information.

5-00-10 ADMINISTRATIVE DOWNGRADE OR WITHDRAWAL OF ACCESS

A. A PSR or the Director, SDD, in coordination with theappropriate office manager or supervisor, may determinethat a currently cleared individual no longer requiresaccess to classified information or requires accessat a lower clearance level. After notification to theindividual, the Director, SDD, may administrativelywithdraw or downgrade the clearance. If the clearanceis withdrawn, the individual should be debriefed andasked to sign the Security Debriefing Acknowledgmenton the lower portion of the back of Standard Form(SF) 312, Classified Information NondisclosureAgreement (see Exhibits). The SF-312 with originalsignature must be sent to the Director, SDD, formaintenance.

B. The Director, SDD, also may administratively withdrawa clearance whenever a previously cleared individualrefuses to comply with reinvestigation requirements.The clearance, subsequently, may be reissued basedupon compliance with reinvestigation requirements anda redetermination of the individual's trustworthinessand identifiable need for access.

c. A security clearance may be revoked by the ASPER whenit is determined that such clearance or access is nolonger consistent with the interests of nationalsecurity due to a question regarding the individual'strustworthiness or loyalty. Due process proceduresmust be followed when processing a revocation of asecurity clearance for cause. Guidelines published inFederal Personnel Manual Chapter 732, Personnel Security,should be followed.

D. Whenever a security clearance is administrativelywithdrawn or revoked the employee shall receive thetermination briefing prescribed by the HHS PersonnelManual. The Director, SDD, will notify the employee'sPSR about the termination of the security clearance sothat the PSR can inform the employeels supervisor, LCO,and others who have a need to know.


Page 27

5-00-15 RESTRICTIORS

A. Classified information must be discussed only withpersons who are properly identified, have the propersecurity clearance, and have a valid need-to-know theinformation in performance of official duties.Discussion of classified information in homes withrelatives or friends, in public places, on publicconveyances, or any place where unauthorized personsmay have access, is strictly prohibited. Classifiedinformation must not be released to employees orother persons for their private use.

B. Employees must not comment on published news articlesconcerning information that they know or think to beclassified. Publication by a news media does notconstitute proper authority for declassification,and is often the product of astute guessing.

C. Standard telephones, inter-office communicationsystems, and unsecured mobile radio telephonesmust not be used for purposes of discussingclassified information. A number of securetelephones are available throughout DHHS for useby cleared employees. The Director, SDD, canprovide their location.

5-00-20 DISSEMINATIOR OF OTHER AGERCY XNFORMATIOR

Classified information originated in another agency mustnot be disseminated outside the DHHS without the consentof the originating agency. Such consent must be main-tained in writing as a matter of record. This restrictiondoes not apply to the authorized dissemination within theDHHS unless such a limitation is stated on a specificclassified document.

5-00-25 DISSEMINATION OF DEHS INFORMATIOP?

Classified information originated by this Department,under the authority of prior Executive Orders, must notbe disseminated outside of the Department until the infor-mation is reviewed for downgrading or declassification inaccordance with Chapter 3-00.


Page 28

5-00-30 ACCESS BY FOREIGN RATIOHALS, FOREIGN GOvERHb@=TS,ABD IHTERXATIORAL ORGAMZATIOlyS

No HHS official or employee is authorized to discuss ormake available any classified information to foreignnationals, foreign governments, or internationalorganizations. Refer requests for such information tothe originating agency, or to the Director, SDD, forinformation originally classified by the Departmentunder predecessor Executive Orders.


Page 29

Subject: CUSTODY, ACCOUNTARXLITY, AND REPRODUCTION

6-00-00 Purpose05 Custody of Classified Information10 Accountability of Classified Information15 Production and Reproduction of

Classified Information

6-00-00 PURPOSE

The purpose of this chapter is to provide instructionsrelating to the custody, accountability, and reproductionof classified information in the possession of theDepartment.

6-00-05 CUSTODY OF CLASSIFIED IWFORXATIOW

A. Any employee who has possession of, or is chargedwith the responsibility for classified information,is responsible for protecting and accounting for thatinformation. The following measures shall be takento properly protect classified information:

1. While in use, classified documents must be keptunder observation of a cleared person or properlystored in accordance with Chapter 7-00.

2. An employee who receives a classified documentand has no authorized storage container availablemust either return the document, arrange withanother office to store the document in a mannerthat will meet the storage requirements asoutlined in Chapter 7-00, or destroy it by anapproved method in accordance with Chapter 9-00.Under no circumstances shall classified informationbe left unattended, be left in an unauthorizedstorage container, or be left in the custody of aperson who does not have the proper securityclearance and a need-to-know the information.

3. Classified information must only be delivered to orleft with cleared recipients.

4. Occupants of an office must ensure that unclearedpersons assigned to or viscting the office do nottake or read classified information, overhearclassified discussion,.or have visual access ofclassified information.

HKS Chapter 6-00National Security Information ManualHHS Transmittal 92.01

Page 30

5. Classified information must be discussed only withcleared persons who have the need-to-know, and mustnot be discussed in public or other places where itmay be heard by unauthorized persons.

6. Classified information must not be checked withbaggage or left in such places as privateresidences, locked or unlocked automobiles, hotelrooms, hotel safes, aircraft, train compartments,buses, public lockers, etc.

7. Classified information must not be read, studied,displayed, used or discussed in any manner in apublic conveyance or place.

6-00-10 ACCOUNTABILITY OF CLASSIFIED INFORMATION

A. Office managers and supervisors whose employees handleor store classified information must ensure thatprocedures are established for the accountability of TopSecret and Secret information. Such procedures shallprovide for tracing the movement of classified infor-mation, limited dissemination, prompt retrieval ofdocuments, detection of the loss of information, andprevention of excessive production and reproduction ofdocuments. At a minimum, the following accountabilityprocedures shall be established for each level ofclassification.

1. Top Secret Information.

a.

b.

::

.- --

A TSCO, designated in accordance with Sectionl-00-3OC, shall administer each authorizedTop Secret Control Account by using aClassified Document Accountability Record,HHS Form 208 (see Exhibits), to track eachTop Secret document. Only Top Secretdocuments shall be accounted for on thisHHS Form 208.

A Classified Document Receipt, HHS Form 25(see Exhibits), must-be used each time TopSecret documents are transmitted from oneindividual, office, organization, or agencyto another+- .HHS Forms 208 and 25 should bedestroyed..five:years after the Top Secretdocuments are destroyed, transferred, ordowngraded.


Page 31

2. Secret and Confidential Information.

a. A separate HHS Form 208 must be used toaccount for all Secret documents receivedby an HHS office. HHS Form 25 must be usedas a receipt for Secret documents wheneverthey are transmitted from one individual,office, organization, or agency to another.These HHS Forms 208 and 25 should bedestroyed two years after the relateddocuments are destroyed, transferred, ordowngraded.

b. Accountability records and document receiptsare not required for Confidential information,although their use is a good security practiceto aid in controling these classified documents.However, Confidential information must behandled, stored, and transmitted in accordancewith the provisions of this manual. Confi-dential documents can be accounted for on thesame HHS Form 208 that is used for Secretdocuments and the same HHS Form 25 can be usedwhen Confidential documents are being sent withSecret ones.

3. Working Papers. Working papers are documents,including drafts, that are created to assist in theformulation and preparation of a finished document.Working papers containing classified information mustbe handled and safeguarded like normal classifiedinformation.

4. To prevent the inadvertent or unauthorizeddisclosure of Top Secret, Secret, andConfidential classified information, it must beprotected by a cover sheet. Standard Form (SF) 703(Top Secret Cover Sheet), SF 704 (Secret Cover Sheet),or SF 705 (Confidential Cover Sheet) must be usedfor this purpose (see Exhibits). A SF 703, 704, or705 cover sheet must be affixed to the front of theclassified document and remain attached until thedocument is destroyed. At the time of destructionthe forms- should be removed and, depending upontheir condition, reused. Xf an office routinelyreceives numerous Confidential cable messages, e.g.those from the State Department, they can be keptin separate -file -folders with a SF 705 attached tothe front of each folder.


Page 32

5. Limited Official Use (LOU) information is notclassified national security information andtherefore is not covered by E.O. 12356. However,the information, which usually involves sensitiveState Department activities, should be tightlycontrolled and stored in a secure room likeConfidential information (See Section 7-00-20).No security clearance is required to handle LOUinformation (for guidance regarding handling LOUor For Official Use Only (FOUO) informationcontact your OPDIV records management officer).

6-00-15 PRODUCTIOW AWD RRPRODUCTIOE? OF CLASSIFIEDIWPORXATIOW

A. Only SDD approved automated information systems maybe used to produce classified information derivedfrom other classified sources. Word processors orcomputers must p& be used to process classifiedinformation without authorization, in writing, fromthe Director, SDD.

B. Typewriter ribbons used in typing classified informationmust be treated as classified material'and safeguarded .after use or properly destroyed.

c. All classified documents shall be subject to thefollowing reproduction restrictions:

1 . The designated LCO shall be the only personauthorized to reproduce classified documents.

2. The number of copies shall be kept to aminimum to decrease the risk of compromiseand reduce storage costs. Any statedprohibition against reproduction must bestrictly observed.

3 . Reproduction equipment used by LCOs toreproduce classified documents must bespecifically designated, and the followingrules shall apply:

a. Make sure that the number of copiesprogrammed actually are delivered.

b. Reproduce only the number authorized.


Page 33

4.

s.

c. Account for all copies including originalsbefore leaving the machine.

d. Ensure that.all classification and anyspecial markings appear on reproduced copies.

e. If the machine malfunctions, stay with itand send for any needed help. Correct themalfunction and verify that no classifiedpages remain in the machine.

All copies of classified documents reproduced for anyauthorized purpose are subject to the same controlsprescribed for the document from which the reproductionis made.

HHS Form 208 (see Exhibit), must show the number anddistribution of reproduced copies of all Top Secret andSecret documents, and any Confidential documents thatbear special dissemination and reproduction limitations.


Page 34

Subject: STORAGE

7-00-000510152025303540

PurposePolicyStandardsStorage of Top Secret InformationStorage of Secret and Confidential InformationCombinations to Security ContainersRelocation of Security Storage ContainersRestrictions on Use of Storage ContainersSafe or Cabinet Security Record

7-00-00 PURPOSE

This chapter provides instructions relating to the storageof classified information.

7-00-05 PCLICP

Classified information must be stored under conditions thatwill provide adequate protection and prevent access byunauthorized persons. Whenever classified information is notunder the personal control and observation of a cleared employeewho has been authorized access to information based on a need-to-know, the information must be stored in a locked securitycontainer approved for such storage.

7-00-10 STAWDARDS

A. The General Services Administration (GSA) establishes andpublishes minimum standards, specifications, and supplyschedules for containers, vaults, alarm systems, andassociated security devices suitable for the storage andprotection of classified information. Safe-type filingcabinets conforming to Federal specifications bear a TestCertification Label on the locking drawer attesting to thesecurity capabilities of the container and lock.

B. The Director, SDD, may establish additional supplementarycontrols to prevent unauthorized access. The impositionof such additional controls should be based on thevolume, nature, and sensitivity of the information to beprotected in relation to other factors such as types ofcontainers, presence of guards, vault-type space, andintrusion detection alarms.


Page 35

7-00-15 STORAGE OF TOP SECRET IWFORMATIOX

A. When not in use, Top Secret information must be storedin a GSA approved security container with a built-in,three-position, dial-type changeable combination lock.The security container shall be protected by an alarmsystem backed up by an armed response force.

B. In addition to the requirement specified above,admittance to the area in which Top Secret informationis stored must be limited to cleared employees assignedto the area and to cleared persons who have beenauthorized access to the area. Persons not authorizedaccess, but whose presence in the area is temporarilyrequired, must be escorted and kept under constantobservation.

7-00-20 STORAGE OF SECRET AND CONFIDENTIAL INFORMATIO#

When not in use, Secret and Confidential information must bestored in a manner and under the conditions prescribed forTop Secret information or in a non-alarmed, safe-type filingcabinet having an approved, built-in, three-position, dial-type changeable combination lock, or in a steel filing cabinetequipped with a steel lock bar secured by a GSA approvedthree-position, dial-type changeable combination. LOUinformation should be stored like Confidential information.

7-00-25 COMBI#8TIODlS TO SECURITY CONTAINERS

A. Combinations to security containers may be changed byPSRs, LCOs, Custodians of Classified Files, othercleared employees authorized access to the informationbeing stored, or by a bonded commercial locksmith orcontractor. Combinations must be changed:

1. When the container is placed in use;

2. When an employee knowing the combination no longerrequires access to the combination;

3 . When a combination has been subjected to possiblecompromise:

4. At least once every 12 months: or

5. When the container is taken out of service.

KHS Chapter 7-00National Security Information ManualHHS Transmittal 92.01

Page 36

B.

c.

D.

Records of the combination of a lock used for thestorage of classified information must be affordedprotection equal to that given the highest levelof the classified information stored therein.Combinations must be memorized, recorded onStandard Form (SF) 700, Security Container Informa-tion (see Exhibits), and stored in another approvedsecurity container. PSRs must establish proceduresfor the secure storage of the SF 700 combinationenvelope.

SF 700 must be completed to show the names, addresses,and telephone numbers of employees who are to becontacted if the security container, to which the formpertains, is found open and unattended by an authorizedperson. Part 1 of the form must be attached to theinside of the container so it is visible if the containeris open. Parts 2 and 2A of the SF 700 are used to recordthe security containerrs combination which is insertedinto the envelop portion for secure storage. Part 2 and2A of each completed copy of SF 700 must be classified atthe highest level of classification of the information inthe security container. A new SF 700 must be completedeach time the combination to the security container ischanged.

Access to the combination shall be given only to thoseemployees who are cleared and authorized access tothe classified information stored in the container.Knowledge of combination must be limited to theminimum number of employees necessary for operatingpurposes.

7-00-30 RELCCATIOW OF SECURITY STORAGE CONTAINERS

When an office having custody of classified informationphysically moves from one office or building to another,the classified information may be retained in the approvedsecurity container. However, the custodian or othercleared employees must maintain constant supervision of thecontainer during the move. The PSR must be notified priorto relocating a security container used for the storage ofclassified information and may decide to temporarily storethe classified information in another approved container.

HKS Chapter 7-00National Security Information ManualHHS Transmittal 92.01

Page 37

7-00-35 REsTEICTIo#B ON USE OF STORAGE CoEl!AIr!lERS

A. Security containers used for the storage of classifiedinformation should not be routinely used for the storageof cash, checks, weapons, controlled drugs, preciousmetals, personal items, or other items susceptible totheft.

B. Security storage containers should be located in anoffice occupied by an LCO or Custodian of classifiedFiles but must not be located in office storage areas,corridors, hallways, or in the vicinity of unsupervisedexits.

7-00-40 SAFE ORCABINET SECURITY RECORD

A. SF 702, Security Container Check Sheet (see Exhibits),must be placed on the outside of each container holdingclassified information to record each time the containeris opened and closed. The person opening and closing thecontainer must write in the time of each operation andinitial the form. There is also space on the SF 702 forthe initials of the person performing the daily check for 'closure of the container. Someone must perform this checkat the end of each work day to assure the container islocked.

B. Each SF 702 can be used for four months and should bedestroyed whenever a new one is put into use.

c. SF 701, Activity Security Checklist (see Exhibits),also can be used to provide for additional assurance thatsecurity containers have been locked and other end ofthe day security measures have been taken. This formmust be used in a security office or other locationswhere there are a number of security containers holdinga large quantity of national security information.


Page 38

Subject: TRANSMISSION

8-00-00 Purpose05 Transmittal Outside DHHS Building10 Transmittal Within DHHS Building or Building Complex15 Receipt for Classified Information20 Accountability Procedures Prior to Transmission25 Methods of Transmission30 Hand-Carrying Classified Information By Couriers

8-00-00 PURPOSE

The purpose of this chapter is to provide instructionsgoverning the transmission of classified information.

8-00-05 TRANSMITTAL OUTSIDE DBES BUILi3IHG

A. All classified information transmitted outside a DHHSbuilding must be enclosed in opaque inner and outercovers (e.g. sealed envelopes or wrappings). The innersealed opaque cover must show the completed forwardingand return address and be clearly marked on both sides,top and bottom, with the highest security classificationof its contents. The outer sealed opaque cover mustbe addressed in the same manner but must not bear anvclassification markinas or other indication thatclassified information is enclosed. Markings on theinner cover must not show through the outer cover.Classified information must be addressed to a personknown to have a security clearance. The identity ofthe intended recipient must be indicated on an attentionline on the inner cover or on an attention line placedin the letter/memorandum of transmittal.

B. Material used for packaging must be of such strength anddurability so as to provide protection in transit and toprevent items from breaking out of the covers. Bulkypackages must be sealed with tape laminated with asphaltand containing rayon fibers or nylon filament tape,or equivalent.

8-00-10 TRANSHITTAL WITHIN DRES BUILDI13G OR BUILDING COKPLEX

A. All classified information transmitted between officeswithin a DHHS building or complex of buildings shouldbe placed in a sealed opaque cover marked with the levelof classification. All documents must have cover sheetsattached, i.e., Standard Forms 703, 704, or 705.


Page 39

Classified information carried in these covers must bepromptly hand-carried by employees possessing a securityclearance commensurate with the highest level ofclassification of the information being hand-carried.

B. Whenever security mail is opened in error by employeesnot authorized to open such mail, the envelope orcontainer must be immediately resealed and markedl@OPENED IN ERROR" (time and date) by (employee's name),and then promptly hand-carried to the proper recipientor LCP. In any such circumstances, it is theresponsibility of the employee to ensure that theenvelope or container is properly stored in themanner prescribed by Chapter 7-00 until personaldelivery can be accomplished.

8-00-15 RECEIPT FOR CLASSIFIED INFORXATIOW

HHS Form 25, Classified Document Receipt (see Exhibits),must be completed for all transmissions of Top Secret andSecret information. The receipt shall be attached to orenclosed in the inner cover. The sender must retain his/her returned copy signed by the recipient as proof of theofficial transfer of the document(s): Top Secret receiptshave a five year retention period, with two years for Secret.The transmission of Confidential information does not requirea receipt but may be used for further accountability.

8-00-20 ACCOUXTABILITY PROCEDURES PRIOR TO TRANSMISSION

All classified material designated for transmission, regardlessof designation, must be processed through the LCP, to includethe TSCO if the information is Top Secret. The LCO mustensure that document accountability is maintained on HHSForm 208, that required receipts are attached and correct,and that the packaging meets requirements.

8-00-25 METHODS OF TRANSMISSIO#

A. Top Secret Information. Top Secret information mUSt Onlybe transmitted by one of the following methods:

1. Hand-carried by Top Secret cleared and designatedemployee (courier) within the United States and itsterritories provided the information is deliveredbefore the close of business on the same day;


Page 40

2. Cryptographic systems (automated information systems,secure telephone, secure facsimile systems, etc.)approved for the transmission of classified materialat the appropriate level by the Director, NSA andauthorized by the Director, SDD:

3. The Armed Forces Courier Service (ARFCOS); or

4. Diplomatic pouch through the Department of StateDiplomatic Courier System,

B. Secret Information. Secret information must betransmitted by:

1.

2.

3.

4.

5.

Any of the means approved for the transmission ofTop Secret information, except that the courier onlyneeds to be cleared at the Secret level;

United States Postal Service (USPS) reaistered mailwithin and between the United States and itsterritories;

U.S. registered mail through Military PostalService facilities outside the United Statesand its territories provided that the informationdoes not at any time pass out of the control ofthe United States Government and does not passthrough a foreign postal system or any foreigninspection;

A cleared and designated employee (courier) onscheduled commercial passenger aircraft within andbetween the United States and its territoriessubject to the procedures and restrictions setforth in Section 8-OO-30B, below;

Information classified up to Secret may betransmitted by a DHHS messenger provided theclassified document is in a double envelope, asspecified in Section 8-00-05 above, and handledlike U.S. registered mail with a receiptattached to the outer envelope.

c. Confidential Information. Confidential informationmay be transmitted by the means approved for thetransmission of Top Secret or Secret information andby the USPS certified mail within and between theUnited States and its territories. Outside of theseareas, Confidential information must be transmitted

Page 41HHS Chapter 8-00National Security Information ManualHHS Transmittal 92.01

only as is authorized for Top Secret or Secretinformation.

8-00-30 EAl!lD-CARRYIHG CIJSSIFIED I#FoRM2iTIO# BY COURIERS

A. Restrictions. Designated employees (couriers) may beauthorized to hand-carrv classified information outsideof

1.

2.

3.

4 .

5.

DHHS buildings subject to the following conditions:

The employee*s security clearance must be the sameor higher than the classification of the materialbeing carried.

The storage provisions of Chapter 7-00 shall applyat all stops en route to the destination, unless theinformation is retained in the personal possessionand constant surveillance of the employee at alltimes. The hand-carrying of classified informationon trips that involve an overnight stopover is notpermissible without advance arrangements for properovernight storage in a Federal Governmentinstallation or a cleared United States contractorIsfacility: .When classified information is carried in a private,public, or Government conveyance, it must not beleft in automobiles, hotel rooms, hotel safes,aircraft or train compartments, private residence,or public lockers;

Employees must carry their DHHS identification cardor badge whenever carrying classified informationoutside of DBRS buildings.

The LCO must be informed each time classifiedinformation is to be carried by an employee so thatthe LCO can designate that employee as a courier.The LCO shall authorize, orally or in writing, theuse of the designated employee as a courier andassure the employee has been briefed in courierresponsibilities as detailed in this chapter.

B. Aboard Commercial Passenger Aircraft.

1. Classified information may be hand-carried aboardcommercial passenger aircraft within and between theUnited States and its territories only in anemergency when the information is not available atthe destination and because of an urgent situation


Page 42

there is neither time nor means available to pro-perly transmit the information by other methodsstated in Section 8-00-25. Permission to hand-carry classified information aboard such aircraftshall be granted on a case-by-case basis by thethe Director, SDD.

Under no circumstances will any level of classifiedinformation be hand-carried across internationalboundaries.

Procedures for hand-carrying classified informationaboard commercial passenger aircraft is as follows:

a.

b.

c.

d.

All the provisions of Section 8-00-30 will bestrictly complied with.

The person hand-carrying the classified infor-mation will be designated as a courier, inwriting, by the Director, SDD.

The classified information being hand-carriedwill contain no metal binding and will bedoubled-wrapped, addressed and sealed as outlined in Section 8-00-05. The envelope will beplaced in a briefcase or other piece of carry-onluggage.

The person authorized to hand-carry theclassified information will process throughthe routine airline ticketing and boardingprocedures. The briefcase or carry-onluggage will be routinely offered foropening for inspection, if requested.The screening officials may check envelopeby x-ray machine, flexing, feel and weight,without opening the sealed envelope.Airport screening officials may be shownproper identification and the courierauthorization documentation to avoidhaving the envelope opened.


Page 43

e. If airline screening officials still insiston opening the envelope, the person willask to see a FeUeral Aviation Administration.(FAA) field office representative. If theFAA representative still insists on openingthe envelope after being shown properidentification and the courier authorizationdocumentation, the person will not attemptfurther boarding but shall make alternatearrangements for completing the travel.Under no circumstances should the courierallow the envelope to be opened.


Page 44

Subject: DISPOSAL AND DESTRUCTION

9-00-00 Purpose05 Disposal of Classified Information10 Destruction of Classified Information15 Emergency Protection, Removal, and Destruction

9-00-00 PURPOSE

The purpose of this chapter is to provide instructionsgoverning the disposal and destruction of classifiedinformation.

g-00-05 DISPOSAL OF CLASS~PIED IIUFORMATIOI?

A. Early disposal/destruction of unnecessary classifiedinformation can assist in preventing securityviolations, reducing security costs, and providingbetter protection for classified information thatneeds to be retained for some official purpose.

B. Because DHHS does not have original classificationauthority, most of the DHHS classified holdings arenon-permanent or non-record classified information,such as copies of classified documents from otheragencies intended solely for reference purposes.These documents should be destroyed as soon asthey have served their official intended purpose,have been superseded, or are obsolete. Retainthose classified documents which contain currentpolicy information. other documentary recordmaterials which are classified must be disposed ofin accordance with General Records Schedule publishedby the National Achieves and Records Administration.

c. Since almost all classified information in possessionof HHS employees is originated by another agency, theoriginating agency will probably have a copy of theclassified document if our copy is later Uestroyedand we subsequently have a need to review it. Properdocumentation in the accountability records, HHS Form208 (see Exhibits), will allow for tracking thedocument back to the originating agency.

9-00-10 DESTRUCTIOE OF CLASSIFIED IEFORMATIOBI

A. Documents containing classified information mustbe destroyed in a manner to preclude recognition

H+iS Chapter 9-00N{ational Security Information ManualHKS Transmittal 92.01

Page 45

or reconstruction of the classified information inwhole or in part. Heads of offices or organizations(e.g., division directors) in possession of classifiedinformation must establish internal procedures forthe proper destruction of classified information.Such procedures must ensure that adequate destructionmethods are used, classified information isprotected during transport to the destructionarea, adequate records are maintained, and thedestruction is properly witnessed.

B. 'Destruction of classified information must beaccomplished by one of the following methods:

1.

2 .

3 .

ShredUers may be used for the destructionof classified information provided theshredders are listed on the GSA FederalSupply Schedule as approved securitydestruction devices. These approvedshredders cross-cut the strips to a sizeof approximately l/32" in width and l/2'&in length.

The burning method, when approved by the PSR,may be used for the destruction of classifiedinformation. The documents containing theinformation must be burned completely and nounburned pieces shall remain or be allowed toescape by wind or draft.

Classified information may be destroyed alsoby the pulping, disintegration, or pulverizingmethod. Such methods of destruction and theequipment used for such must be approved by thePSR.

Classified material awaiting destruction must beproperly stored in an approved security storagecontainer. Boxes, bags, sealed envelopes, or otherlike containers used for the collection andtransportation of classified material must provideadequate safeguards to prevent the loss of thematerial. When transporting classified material toa destruction area such containers must not be leftunattended.

D. The lower portion of RHS Form 25 is the officialCertificate of Destruction and must be used as areceipt to indicate the destruction of Top Secret

HHS Chapter 9-00National Security Information ManualHKS Transmittal 92.01

Page 46

E.

and Secret information. The form must include afull unclassified description of the material, thedate of actual destruction, and witness to theactual destruction. For Top Secret informationtwo employees must sign the form, one as thedestruction official and the other as the witnessingofficial. Just the destruction official is requiredto sign for Secret information. Employees who conductand witness the destruction of classified informationmust possess a security clearance commensurate withhighest level of information being destroyed.Destruction certificates are not required forConfidential information unless prescribed by theagency that originated the information.

HHS Form 25, used for the destruction of Secret orConfidential information, must be maintained for aminimum of twa years. When used for the destructionof Top Secret information, the form must be maintainedfor five years and then destroyed. These destructioncertificates can be maintained at any location approvedby the PSR.

Classified waste material must be destroyed as soon aspractical by one of the approved destruction methods.This applies to all waste material containing classifiedinformation, such as preliminary drafts, carbon sheets,fabrics or plastic typewriter ribbons, stencils,stenographic notes, working papers, and similar items.Employees who are designated to destroy classifiedwaste material must possess the appropriate securityclearance and the need-to-know the information.Destruction certificates are not required for classifiedwaste material. Pending destruction, all classified wastematerial must be stored in an approved security container.

F. Typewriter and automated information systems equipmentribbons used in transcribing classified material mustbe stored in an approved security container when notin use or until the ribbon is cycled through thetypewriter or printer a sufficient number of times toobliterate information contained thereon. Normally thiscan be accomplished if the ribbon is completelyoverprinted five times in all ribbon typing or printingpositions. Any ribbon which remains substantiallystationary (that is, receives at least five consecutiveimpressions) shall be treated as unclassified. Ribbonswhich are not obliterated must be destroyed as otherclassified materials.


Page 47

G. ClaSSifi8d lU8SSzLQ8S, which are generated during aclassified exercise, need not be processed into anaccountability system or brought under Control ifthey are destroyed within 30 calendar days afterCompletion Of the 8X8rCiS8. Certificates ofdestruction are not r8gUir8d for these messages.However, classified exercise messages that areretained beyond the 30-day period will be con-trolled and d8StrOy8d in th8 same manner as OtheraCCOUntabl8 classified messages. These classifiedmessages, awaiting destruction, must b8 safeguardedand stored in the manner stated in Chapter 7-00.

g-00-15 EMERGENCY PROTECTION, REHOV24L, AND DESTRUCTION

A. In the event of fire, natural disaster, civil distur-bance, or an evacuation of office space, classifiedinformation must be protected either by placing it ina locked approved security container, relocating it toanother office/organization for proper storage, or byproperly destroying the information. Employees who areaway from their office and have classified information intheir possession at the time of an emergency must assurethat such information is properly Safeguarded or destroyed.

3. Only the Secretary or designee may order the Safe removalor emergency destruction of U.S. and NATO classifiedmaterial. Upon receipt of the order, th8 Director, SDD,Will immediately notify th8 LCOs Of all affected OffiCeSand inform them of th8 emergency plan. In all situations,highest priority for removal or destruction will be givento the highest level of classified material, e.g., TopSecret Special Access is first priority, then regular TopSecret, then NATO Secret, then regular Secret, 8tC.

c. The PSR must ensure that all offices in possession ofClassified information must have plans for the emergencyprotection, removal, and destruction of the information.The location and identity of the information to bedestroyed, priorities for destruction, persons r8SpOnSibl8for destruction, and recommended place and method ofdestruction must be predetermined and persons fullyindoctrinated. The Director, SDD, can assist in thepreparation of such plans.

D. A copy of the written plans for emergency handling ofClassified information should be filed in a readilyaccessible location inside each security Container beingused for the storage of Classified information.

HHS chapter lo-00National Security Information ManualHHS Transmittal 92.01

Page 48

Subject: SECURITY AWARENESS, CONTACT WITH CERTAIN FOREIGNNATIONALS, AND FOREIGN TRAVEL

10-00-00 Purpose05 Security Awareness and Reporting Contact with Certain

Foreign Nationals10 Foreign Travel Requirements15 Designated Countries

10-00-00 PURPOSE

This chapter provides PSRs and employees with instructionsrelating to security awareness concerns regarding contactwith certain foreign nationals and specific foreign travelrequirements..

10-00-05 SRCURITY AWARRWESS AWD RRPCRTIWG CONTACT WITH CERTAIWFOREIGIW NATIONALS

A. NSDD 197, signed by the President on November 1, 1985,calls for the establishment of procedures which will:

1. Create and maintain a formalized security awarenessprogram designed to ensure that employees are awareof the potential threat to the Department'sclassified, proprietary, and sensitive informationfrom foreign sources, whether overt or covert.This program must include a periodic formal briefingof the threat posed by hostile intelligence services.

2. Provide for the reporting, under defined circum-stances, of the employee contacts with nationalsof certain designated foreign countries or politicalentities.

B. The reporting requirements of NSDD 197 specifically applyonly to HHS employees who, through their job functions oraccess to national security or sensitive information ortechnology, invite targeting or exploitation by foreignintelligence services. The unauthorized release ofsensitive information or technology and contacts withforeign nationals of high risk designated countries mustbe reported in accordance with subparagraphs C and D below.

HHS Chapter lo-00National Security Information ManualHHS Transmittal 92.01

Page 49

c. HHS employees, who have a security clearance or whocould be targeted for exploitation because of theirposition or access to sensitive information, havecertain reporting requirements. They must report allcontacts with individuals of u nationality, eitherwithin or outside the scope of the their officialactivities, in which:

1. Illegal or unauthorized access is sought toclassified or otherwise sensitive information.

2. They are concerned that they may be the targetof an attempted exploitation by a foreign entity.

D. These employees must also report &J contacts withnationals of high risk desicrnated countries (seeSection 10-00-15) which appear to:

1. Indicate an attempt or intention to obtainunauthorized access to classified, proprietary,or sensitive information;

2. Offer a reasonable potential for such access; or

3. Indicate the possibility of continued professionalor personal contacts.

E. Employees subject to these reporting requirements mustsubmit a written report to the PSR within five daysof the occurrence. Employees in doubt as to whethera written report is required should call their PSR orthe Director, SDD. The report should be as specificas possible regarding the facts about the contact,including the identity of the hostile or potentiallyhostile source. The PSR must promptly notify theDirector, SDD, about the employee's report and theDirector, SDD, will notify the FBI, if deemednecessary.

F. Definitions of Certain Words and Terms.

1. @'Contact*@ means any form of meeting, association,or communication regardless of who initiated thecontact or whether it was for social, official,or private purposes. This includes any contact inperson, by telephone, letter, radio, or any formof communication, even if no official informationwas discussed or requested.

HHS Chapter lo-00 Page 50'National Security Information ManualHHS Transmittal 92.01

2.

3.

"Proprietary information" is that businessinformation which was developed by the privatesector, and furnished to the Department with theexpectation or condition that it be protected.Information of this type referred to as tradesecret material requires protection againstunauthorized disclosure under Title 18, U.S.C.,Section 1905 and Title 21, U.S.C., Section 3315.

"Sensitive information I* is that unclassifiedinformation the loss, exploitation, orunauthorized disclosure of which could impairthe national security or foreign relations ofthe U.S., or affect the ability of theDepartment to meet stated goals and/or objectivesof national interest. Sensitive information alsoincludes that privileged information which qualifiesas an exemption under the Freedom of Informationand the Privacy Act of 1974, and other informationprovided by another U.S. Department or Agencywith the expectation or condition that theinformation will be protected. Sensitive 'information does not include information in thepublic domain or that given out under the auspicesof bilateral agreements.

G. None of the reporting requirements contained in thischapter is intended to replace existing agreementsbetween the Department of State and DHHS components toreport suspicious activities. These requirements arein addition to those already established. Employeesin Special Access Programs have additional reportingrequirements (See Section 10-00-10 below).

10-00-10 FOREIGl?TRAVELRBQUIREMBNTS

A. IiHS employees who travel to foreign countries toattend international, scientific, technical, medical,or other professional meetings or conferences maycome into contact with representatives of high riskdesignated countries. These contacts must be reportedin accordance with Section 10-00-05 above.

HKS Chapter lo-00National Security Information Manual

Page 51


B. KHS employees, who have Top Secret clearances forparticipation in a highly sensitive Special AccessProgram, must report to the Director, SDD, theirintent to travel to or through any of the high riskdesignated countries listed in Section 10-00-15.They must report this information, orally or in writing,in advance of the planned trip, whether on private orofficial business, so that they can be afforded adefensive security briefing. Other HHS employeesmay request such a briefing from their PSR who canobtain briefing materials from the Director, SDD.

C. This defensive security briefing is in addition toany normal Department of State briefing provided togovernment employees traveling on official business.The briefing will cover safeguarding requirements forclassified and other sensitive information and willinclude security awareness guidelines.

D. When any employee in a Special Access Program returnsfrom travel to or through any of the high riskdesignated countries, he/she must contact the Director,SDD, for a security debriefing. Other employeestraveling to these designated countries should reportany incidents or concerns to their PSR. The employeesshould be advised that it is essential to report anysuspected attempts to obt in classified, proprietary,or sensitive information, or efforts to recruit,compromise, harass, or entrap the employee. suchinformation received by a PSR must be promptlyreported to the Director, SDD.

Page 52HHS Chapter lo-00National Security Information ManualHKS Transmittal 92.01

10-00-15 DESIGNATED COUNTRIES

A. These are the hiqh risk designated countries for whichthere are certaii reporting and travel requirements(current as of date of issuance of this manual):

Afghanistan

Albania

Angola

Armenia*

Azerbaijan*

Belarus*

Bulgaria

Cuba

Estonia*

Ethiopia

Georgia*

Iran

Iraq

Kampuchea(formerly Cambodia)

Kazakhstan*

Kurile Island and southSakhalin (karafuto)

Kyrgystan*

Laos

Latvia*

Libya

Lithuania*

Moldova*

Mongolian People,sRepulic (Outer Mongolia)

Nicaragua

North Korea

People's Republic ofChina (including Tibet)

Romania

Russia*

South Yemen

Tadjikistan*

Turkemistan*

Ukraine*

Uzbekistan*

Vietnam

Yugoslavia (includingCroatia and Serbia)

* Formerly part of the Union of Soviet Socialist Republics (USSR)


Page 53

Subject: OTHER SPECIAL SECURITY PROGRAMS

11-00-00 Purpose05 Policy10 Communications Security (COMSEC) and Secure Voice15 North Atlantic Treaty Organization (NATO)20 Special Access Programs

11-00-00 PURPOSE

The purpose of this chapter is to provide general informationand instructions regarding other special security programsthat could be of interest to some Department officials whohave national security responsibilities.

11-00-05 POLICY

It shall be the policy of the Department to establish, wherean identifiable need exists, the special security programsdescribed in this chapter and to fully comply with securitydirectives issued by the Federal agencies identified for eachprogram area.

11-00-10 COBMDl?IC!ATIOB SECURITY (COBSBC) AND SBCUBB VOICE

A. COMSEC means protective measures taken to denyunauthorized persons information derived fromtelecommunications or to assure its authenticity.Such protection results from the application ofvarious security measures, including crypto-security,transmission and emission security, and certainphysical security measures needed for protection ofCOMSEC information and materials. The Director,National Security Agency (NSA), is responsible forissuing COMSEC instructions for all approvedcryptographic systems.

B. National security information must not be discussedover, or otherwise transmitted or processed by, anyform of telecommunications unless approved measuresare taken to protect the information. COMSEC is theonly system of security measures used to protectclassified information utilizing cryptographic keyingmaterial and eguipment.

HHS Chapter 11-00National Security Information Manual

Page 54


C. The Secure Telephone Units (STU) III developed by theNSA provide, by use of COXSEC measures, secure voicetransmission capability during discussions involvingthe highest levels of classified national securityinformation and other highly sensitive/proprietaryinformation.

D. Upon determining the need for any COMSEC support orsecure voice transmission system capability, the PSRshould submit a request to the Director, SDD. Therequest shall contain all pertinent circumstancesrelating to the type of support or system needed.

33. Specific cryptographic access requirements arerequired for some HHS employees, such as COMSECCustodians, because of their on-going need to handlecertain classified cryptographic information. TheDirector, SDD, is responsible for processing andissuing crytographic accesses which meet the policyrequirements of the National Telecommunications andInformation Systems Security Committee.

11-00-15 NORTH ATLANTIC TREATY ORGANISATION (NATO)

A. The U.S. national security authority responsiblefor the security of NATO classified information isthe ununited States Security Authority for NATO Affairs(USSAN) ." The USSAN is the Secretary of Defense.The USSAN has established under the Secretary of theArmy a U.S. national registry known as the CentralUnited States Registry (CUSR). The Chief, CUSR, isauthorized to establish and disestablish U.S. NATOsubregistries, release NATO documents to U.S.departments and agencies, and to conduct inspectionsof all subregistries and control points.

B. NATO security procedures governing the protectionand handling of NATO classified information in thepossession of this Department are contained in USSANInstruction l-69, Implementation of NATO SecurityProcedures. The instruction, which contains someNATO classified information, has been assigned anoverall classification of CONFIDENTIAL.


Page 55

c. A NATO SECRET subregistry, established in accor-dance with USSAN Instruction l-69, is located inthe Office of the Director, SDD. The Director, SDD,is authorized to establish NATO SECRET Control Pointswhere an operational need exists to maintain certainNATO SECRET, CONFIDENTIAL, or RESTRICTED information.

Written justification relating to the need of a controlpoint shall include a description of the classifiedNATO documents needed, and be furnished to the Director,SDD. Formal access to NATO classified information maybe authorized only when the Department has authorizedan employee access to U.S. information of an equivalentclassification, and the employee has been given a NATOsecurity.briefing.

11-00-20 SPECIAL ACCESS PROGRAXS

A.

B.

A Special Access Program is a program imposing "need-to-know'@ or access controls beyond those normally providedfor access to Top Secret, Secret, or Confidentialinformation. Such a program includes, but is not limitedto, special clearance, investigative and adjudicationrequirements, special designation of officials authorizedto determine @#need-to-know", and special classifiedlists of persons granted Sensitive CompartmentedInformation (SCI) clearance.

Special Access Programs are created only by a Federalagency that possesses original classification authority.The programs are compartmentalized to further restrictaccess to those who "need-to-know" certain nationalsecurity information. The Director, SDD, is responsiblefor processing all requests for access to Special AccessPrograms and assuring that special security requirementsare met.

Exhibit 12-00-ANational Security Information ManualHHS Transmittal 92.01

Page 1

U.S. DEPARTMENT OF HEALTH AND HUM/W SERVICE:.

CLASSIFIED DOCUMENT RECEIPT

FROM: (Rewn Address)

DATE

. DESCRIPTIONS OF DOCUMENT(S) CLASS. DATE OF C O N T R O L yF’ CYDOCUMENT NUMBER CYS No*

RECEIPT Ot ABOVE DOCUMENT(S) IS ACKNOWLEDGED

‘Rlh’TLD hAhlt AND TITLE SIGNATURE

DATt

CERTIFICATE OF DESTRUCTION

1 CERTIF! THAT THE DOCUMEKT(SJ LLSTED ABOVE WERE DESTROYEDU4Tt

‘RIUTED \A’.1t. TlTLt A N D SlCiN4’Il KL: OF DtSl~R~~CTION P R I N T E D NAME. TIT11 ASD SIC!b\lL’KL 01 ~~I~l~SL~~IW.X--FICIAL OFFICIAL

Exhibit 12-00-BNational Sekurity Information ManualHHS Transmittal 92.01

Page 2

DEPARTMENT OF HEALTH AND HUMAN SERVICESOFFICE OF THE SECRETARY

REOUEST F O R S E C U R I T Y C L E A R A N C E

For Ac&ss to Classified National Security lnformatica

! CRITICAL-SENSITIVE j NONCRItlCAL~SENSITIVEPOSITION POSITION

I I

sipmwe Tkll7ECOMMENDED

B Y

X)NCURRENCE bcurltv R-matlve

. . . . . . . . . . . . . . . . . . . . . . . . ..*.............*.................CERTIFICATE OF SECURITY CLEARANCE

N A M E DATE

SlGXATURC OF DIRECTOR, PERSOWXL SCCCRITYAX0 DRU: TZSTI:JG ?ROGi?x: DIVIS:X, A.S?ER

Exhibit 12-00-CNational Security Information ManualHHS Transmittal 92.01

Page 3

L .

. -. . . .

PAGE 4(B=K)

Exhibit 12-00-DNational Information Security ManualHHS Transmittal 92.01

Page 5

CLASSIFIED INFORMA’ITON NONDISCLOSURE AGREEMENTAN AGREEMENT BETWEEN AND THE UNITED STATES

(Name cl lndwidual - Pnmcd of lyped)

1 Intending to be legally bound, I hereby accept the obligations contained in this Agreement in consideration of my beinggranted access to classified mformauon. As used in this Agreemenl. classified information is marked or unmarked classifiedinfonnanon, including oral communications, that is classified under the standards of Executive Order 12X6. or under any otherExecuuve order or statute rha~ prohibits the unauthorized disclosure of information m the interest of national security; andunclassified information that meets the standards for classification and is in the process of a classification delennmation asprovided m Sectzons 1.1 and 1.2(e) of Execuuve Order 12356, or under any other Executive order or statute that requiresprotection for such informauon in the interest of nadonai securtty I understand and accept tha: by being granted access toclassified informatton. special confidence and trust shall be placed in me by the United Stales Government.

2. I hereby acknowledge that I have received a security indoctrination concerning the nature and protection of classifiedinformation. mcluding the procedures to be followed in ascertaining whether other persons to whom I contemplate d~losing thisinformauon have been approved for access to it. and that I understand these procedures.

3 . I have been advised that the unauthorized disclosure, unauthorized retention, or negllgenr handling of classified informationby me could cause damage or ureparable injury to the United States or could be used to advantage by a foreign nation. I herebyagree that I will never divulge classified informauon to anyone unless: (a) I have officially verified that the recipient has beenproperly authorized by the United States Government to receive it: or (b) I have been given prior written notice of authorizationfrom the United States Government Department or Agency (hereinafter Department or Agency) responsible for theclassification of the information or last granting me a security clearance that such disclosure is permitted. I understand that ifI am uncertain about the cIassification status of information, I am required to confirm from an authorized official that theinformauon is unclassified before 1 may disclose it, except to a person as provided in (a) or (b). above. I further understand thatI am obligated to comply with laws and regulations that prohibit the unauthorized discfosure of classified information.

4. 1 have been advised that any breach of this Agreement may result in the termination of any security clearances I hold;removal from any position of special confidence and trust requiring such clearances; or the termination of my employment orother relationships with the Depattments or Agencies that granted my security clearance or clearances. In addition, I have beenadvised that any unauthonred disclosure of classified information by me may constitute a violation, or violations. of UnitedStates criminal laws, including the provisions of Sections 641. 793, 794. 798, and ‘952, Title 18. United States Code.*the provisions of Section 783(b), Title SO, United States Code, and the provisions of the Intelligence Identities Protection Actof 1982.1 recognize that nothing in thls Agreement consxitutes a waiver by the United States of the right to prosecute me for anyStaNtOry violation.

5 . I hereby assign to the United States Government all royalties. remunerations. and emoluments that have resulted, will resultor may result from any disclosure, publication, or revelation of classified information not con&tent with the terms of thisAgreement.

6. I understand that the United States Government may seek any remedy available to it to enforce this Agreement including.but not hmited to, application for a coun order prohibiting disclosure of information in breach of this Agreement.

7 . I undemand that all classified information to which I have access or may obtain access by signing tJxis Agreement is now andwill remain the propeny of, or under the control of the United States Government unless and until orhenvise derermined by anauthorized official or final ruling of a court of law. I agree that I shaU return all classified materials which have, or may come intomy possession or for which 1 am responsible because of such access: (a) upon demand by an authorized representative of theUnited Srates Government; (b) upon the conclusion of my employment or other relationship with the Department or Agencythat Last gmnted me a security ckarance or that provided me access to classified information; or (c) upon the conclusion of myemployment or other relationship that requires access to classified information. If I do not return such materials upon request.I understand that this may be a.violatfon of Section 793. Title 18. United States Code, a United States criminal law.

8. Unless and until I am released in writing by an authorized representative of the United States Government. I understandthat all conditions and obligations imposed upon me by this Agreement apply during the time I am granted access to classifiedinformation, and at all times therufrer.

9. Each provision of this Agreement is severable. If a court should find any provision of this Agreement to be unenforceable,all other provisions of this Agreement shall remain in full force and effect.

IO. These restrictions are consistent with and do not supersede, con&t with or otherwise alter the employee obligations, rightsor liabilities created by Executive Order 12356; Section 7211 of Title 5, United States Code (governing disclosures to Congmss);Section 1034 of Title 10, United States Code, as amended by the Military Whistleblower Protection Act (governing disclosureto Congress by members of the military); Section 2302(b)(8) of Title 5, United States Code, as amended by the WhistleblowerProtection Act (governing disclosures of illegality. waste, fraud, abuse or public health or safety threats); the IntelligenceIdentities Protection Act of 1982 (SO U.S.C. 421 et seq.) (governing disclosures that could expose confidential Governmentagents). and the statutes which protect against disclosure that may compromise the national security. including Sections 641.793. 794. 798. and 952 of Title 18. United States Code, and Section 4(b) of the Subversive Activities Act of 1950 (50 U.S.C.Section 783(b)). The defiiitions. requirements, obligations, rights, sanctions and liabiliues created by said Executive Order andlisted statutes are incorporated into this Agreement and are controlling

Exhibit 12-00-DNational Information Security ManualHHS Transmittal 92.01

Page 6

1 I. I have read th is A g r e e m e n t c a r e f u l l y a n d m y q u e s t i o n s . i f a n y , have been nnswered. I rcknowledge t h a t t h e b r i e f i n g offr;erhas made available to me the Executive Order and statutes referenced m this Agreement and its Implementing -eguL&rn(32 CFR Section 2003.20) so thaw I may read them at this time, if I so choose.

WITNESS I ACCEPTANCE

THE EX&UllON OF THIS AGREEMENT WAS WITNESSED THE UNDERSIGNED ACCEPTED THIS AGREEMENT ONB Y THE UNDERSIGNED. BEHAlF OF THE UNITED STATES GOVERNMENT.

ElGNAlbXE DATE UGNAWXE D A T E

SECURITY DEBRIEFING ACKNOWLEDGEMENT

N A M E O F WrrNEls (Type 0, pna,, SIGNATVPE OF i”,I,JESS

’ NOT APPLKARLE TO NON-WVEhiqMENT PERSONNEL SlGNlNG THIS AGhiEMEh7

STbNDARD F O R M St2 R A C K (REV I-9li

It ----------t--------‘----j-..--

l I I1. ATTACH TO INSIDE OF CONTAINER ~5-y~;40,0,,2,4~1312 STANDARD FORM 700 (O-O!

Pra‘Crlb** w G5*,150032 CF R 2003

- - _ - _ _WARNIN

Exhibit 12-00-FNational Information Security ManualHHS Transmittal 92.01

Page 8

Exhibit 12-00-GNational Information Security ManualHHS Transmittal 92.01

Page 9

SECURITY CONTAINER CHECK SHEETI

CERTIFICATION

I CERTIFY. BY MY INITIALS BELOW. THAT I HAVE OPENED.CLOSED OR CHECKED THIS SECURITY CONTAINERIN ACCORDANCE WITH PERTINENI AGENCY REGXATIONSAND OPERATING INSTRUCTIONS.U*HTHrYE.AR

j j i !

, , , /

SECURiTY CONTAINER CHEcr; SHEET

t

I 1 ,

CERTIFICATIONS

I CERTIFY, BY MY INITIALS BELOW, THAT I HAVE OPENED.CLOSED OR CHECKED MS SECURITY CONTAINERIN ACCORDANCE Wlflf PERTINENT AGENCY REGULATIONSAND OPERATING INS7RUCTIONS.W34*-

Exhibit 12-00-HNational Information Security ManualHHS Transmittal 92.01

Page 10

THIS IS A COVER SHEET

FOR CLASSIFIED INFORMATION

A L L INDMDUALS HANDUNG THIS INFORMATIDN A R E R E Q U I R E D T O P R O T E C TI T F R O M UNAUTHORIZED D I S C L O S U R E I N T H E I N T E R E S T O F T H E N A T I O N A LSECURITY Of THE UNITED STATES.

H A N D L I N G , STOME. R E P R O D U C T I O N A N D D I S P O S I T I O N O F T H E ARACHEDDOCUMENT WILL BE M ACCORDANCE WlTH APPLICABLE EXECUTlVEORDER(S), STATUTE(S) AND AGENCY IYPLEMENTING ~EGULATIDNS.

Exhibit 12-00-INational Information Security ManualHHS Transmittal 92.01

Page 11

THIS IS A CDVER SHEET


A L L I N D I V I D U A L S H A N D L I N G T H I S I N F O R M A T I O N A R E R E W I R E D To PRQTrcTIT FRDM U N A U T H O R I Z E D D I S C L O S U R E I N T H E I N T E R E S T OF T H E N A T I O N A LSECURITY O F T H E U N I T E D S T A T E S .

NANDUNG. STORME , R E P R O D U C T I O N A N D DlSPOBKlON O F T H E All-EDDOCUMENT MUST BE IN ACCORDANCE WlTH APPLICABLE EXECUTIVE@?DE&S), STATUTE@) AND AGENCY IYPLENENTING REGULATIONS.

Exhibit 12-00-JNational Information Security ManualHHS Transmittal 92.01

Page 12

THIS IS A COVER SHEET


ALL INDMDUALS HANDLING THIS INFORMAlfON ARE REOUIRED To PRtXEClIT F R O Y U N A U T H O R I Z E D D I S C L O S U R E I N THE I N T E R E S T O F T H E NAllONALSECURITY OF THE UNITED STATES.

H A N D L I N G , S T O R A G E , REPRODUCTtON A N D D I S P O S I T I O N O F T H E ATTACHEDDOCUMENT MUST BE IN ACCORDANCE WITH APPLICABLE EXECUTlVEORDER(S), STATUTE(S) AND AGENCY IYPLEMENTING REGULITIONS.

BORDERIS

BLUE