PDF Version

Director of Central Intelligence Directive 1/19

Security Policy for Sensitive Compartmented Information and Security Policy Manual

(Effective 1 March 1995)

Pursuant to the provisions of the National Security Act of 1947 and Executive Order 12333, policies and procedures are hereby established for the security, use, and dissemination of Sensitive Compartmented Information (SCI).

1. Applicability

The controls and procedures in this directive and its supplement, Security Policy Manual for SCI Control Systems, shall be applied by all Intelligence Community agencies. A Senior Official of the Intelligence Community (SOIC) may, for the purpose of SCI protection and DCID implementation, be considered the equivalent of the head of a Cognizant Security Agency (CSA) and may, delegate responsibility for the implementation of policies and procedures defined in an appropriate Director of Central Intelligence Directive (DCID) (e.g., DCID 1/14, 1/19, 1/21) to a Cognizant Security Office. Other programs with special access under the purview of other authorities may at their option, use applicable portions of this DCID for protection of their information and activities. In such cases, the head of the respective department, agency or organization shall be the equivalent of a SOIC for the purposes of this DCID, and may designate a person to act on their behalf for a specific program. Intelligence Community agencies that release or provide SCI to contractors, consultants, or other government departments or agencies shall ensure beforehand that the intended recipients agree to follow these controls and procedures in their own handling and accountability of SCI.

Policy and procedures in this directive shall be reflected in other Intelligence Community directives related to the security of SCI.

Basic operational direction for SCI programs will continue to be prescribed by cognizant executive agents or program directors.

2. General

In order to protect SCI, risk-based analysis should be employed when implementing protection measures. Risk management is essential to balance threat and vulnerabilities with appropriate security measures. This analysis should provide for increased efficiency of operations and co-utilization of facilities wherever practicable.

Specific guidance on what information should be classified and protected as SCI is provided in other documents issued by or pursuant to the authority of the Director of Central Intelligence. Principles and details governing and defining information to be protected by a specific control system shall be included in system manuals and regulations. Such documentation shall also include instructions for decompartmentation, sanitization, release to foreign governments, emergency use (when those actions are feasible and permissible), and additional security policy for the protection of information controlled in SCI subcompartments.

3. Protection of Sources and Methods

Access to SCI shall be based on need-to-know, formal access approval, and indoctrination. As a general principle, SCI disseminated to persons meeting those criteria shall be provided at the lowest level of classification and compartmentation that will satisfy official requirements applicable to the recipients. Source and method data shall be provided only to the extent necessary to fulfill such requirements. Sanitization of material shall be accomplished to the extent possible to protect against damage to sources and methods through unauthorized disclosure, espionage, or other compromise.

All intelligence production elements shall ensure that SCI they produce and disseminate excludes, sanitizes, or generalizes, in descending order of preference, source and method data from intelligence products. In support of this, producers of finished intelligence shall:


Supplement: DCI Security Policy Manual for SCI Control Systems

DCID 1/19P Security Policy Manual

1 March 1995

1.0 INTRODUCTION

This manual contains security policy and procedures common to SCI control system(s) established by the Director of Central Intelligence (DCI) for the protection of classified intelligence information. Users should refer to DCI Directives (DCIDs) and other documents cited herein for guidance on specific security functions. Users are referred to applicable SCI control system manuals or directives for guidance on appropriate classification levels and compartmentation categories.

Questions regarding this manual should be directed to the Director, Community Management Staff (CMS) or successor organization, if not answerable by a Senior Official of the Intelligence Community (SOIC) or his designee of an Intelligence Community (IC) organization.

2.0 PERSONNEL SECURITY

2.1 General. The protection of SCI is directly related to the effectiveness of the personnel security program applicable to those individuals having access to such information. An interlocking and mutually supporting series of program elements (e.g., need-to-know, investigation, reinvestigation, and adjudication in accordance with DCID 1/14, Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information, binding contractual obligations on those granted access, security education and awareness, individual responsibility for observing security requirements and reporting security concerns, and continuing security oversight by supervisory personnel) can provide reasonable assurances against compromise of SCI by those authorized access to it.

2.2. Need-to-Know Policy. The primary security principle in safeguarding SCI is to ensure that it is accessible only by those persons with appropriate clearance, access approval, clearly identified need-to-know, and an appropriate indoctrination. Even when approved for a specific access, the holder is expected to practice a need-to-know discipline in acquiring or disseminating information about the program(s) or project(s) involved. Intrinsic to this discipline is acquiring or disseminating only that information essential to effectively carrying out the assignment.

2.3 Standards. Personnel security standards, reporting of data bearing on SCI eligibility, investigative requirements, reinvestigation adjudications, and supervisory security responsibilities shall be in accordance with DCID 6/4.

2.4 SCI Nondisclosure Agreement (NdA). As a condition of access to SCI, individuals must sign a DCI-authorized NdA, which includes a provision for prepublication review. Failure to sign an NdA is cause for denial or revocation of existing SCI access. The NdA establishes explicit obligations on both the government and the individual signer for the protection of SCI.

2.5 Recording Indoctrinations and Debriefings. Briefing officers shall record all SCI indoctrinations and debriefings conducted. Administrative guidance on NdAs, indoctrination and debriefing forms, and related procedures shall be specified by SOICs for areas under their cognizance. This guidance shall ensure that NdAs are retained and retrievable for 70 years after signature.

2.6 Access Approvals. When need-to-know has been established, investigative results have been satisfactorily adjudicated, and an authorized NdA has been signed, SCI access shall be granted and formally recorded. Once a SOIC has determined that an individual is DCID 1/14 eligible without waiver and currently briefed into at least one SCI program, the individual may be approved for additional accesses by any SOIC without further security adjudication. When a previously established need-to-know no longer exists due to reorganization, reassignment, change in duties or any other reason, the SCI access approval(s) affected by this change in need-to-know shall be canceled, and the individual involved shall be debriefed.

2.7 Central SCI Database. A community wide SCI database will be maintained by the DCI. The DCI will ensure the database is maintained in a format that will permit the integration with or expansion into a U.S. government wide clearance database.

2.8 Security Indoctrination and Education.

2.9 Foreign Contacts. Close, continuing personal associations with foreign nationals by persons approved for SCI access are of security concern. Persons with SCI access shall be informed of their continuing responsibility to report to their SCI security officers all close and continuing contacts with foreign nationals, or any contact with representatives or citizens of foreign countries that is considered threatening or suspicious. SCI-indoctrinated persons are also responsible for reporting contacts with persons from other countries whenever those persons show undue or persistent interest in employment, assignment, or sensitive national security matters. Contacts, or failure to report contacts, in either of the above situations shall result in reevaluation of eligibility for continued SCI access by the cognizant SOIC. Casual contacts, which do not fall within either of the above situations, normally need not be reported.

2.10 SCI Travel and Assignment Security Policy. Persons currently approved for SCI access who plan unofficial travel to or through, or who are being assigned to duty in, foreign countries and areas, incur a special security obligation. This includes requirements to provide advance notice of unofficial travel and receive appropriate defensive security briefings prior to official assignment or unofficial travel. Security policy applicable to such travel or assignment is stated in DCID 1/20, Security Policy Concerning Travel and Assignment of Personnel with Access to SCI.

3.0 PHYSICAL SECURITY

3.1 Construction and Protection Standards. All SCI must be stored within accredited SCIFs. Accrediting authorities are responsible for ensuring that SCIFs are established only when there are clear operational requirements for them and when existing SCIFs are not adequate to support the requirement. The requirements justifying a new SCIF shall be documented and maintained with accreditation records. Physical security standards for the construction and protection of such facilities are prescribed in the current DCID 1/21, Physical Security Standards for Sensitive Compartmented Information.

3.2 Accreditation of SCIFs. The DCI has responsibility for all SCIF accreditation and can delegate that authority. Except where specific agreement exists, introduction of an additional program into a previously accredited SCIF requires the joint approval of the host SOIC and the responsible SOIC requesting tenant status.

The DCI shall accredit SCIFs for executive branch departments and agencies outside the Intelligence Community, and for the legislative and judicial branches.

The DCI, or the SOIC conducting an SCI program with a foreign government, will accredit the SCIF for that foreign government, or as specified in the program security manual.

3.3 Emergency Plans. An emergency plan shall be developed, approved and maintained for each accredited SCIF. This may be part of an overall department, agency, or installation plan, so long as it satisfactorily addresses the considerations stated below. Emergency planning shall take account of fire, natural disaster, labor strife, entrance of emergency personnel (e.g., host country police and firemen) into a SCIF, and the physical protection of those working in such SCIFS. Planning should address the adequacy of protection and fire-fighting equipment, of evacuation plans for persons and SCI, and of life-support equipment (e.g. oxygen and masks) that might be required.

4.0 TECHNICAL SECURITY

4.1 Technical Surveillance Countermeasures. Responsible SOICs shall ensure that technical surveillance countermeasures are conducted at their SCIFS, domestics foreign, in accordance with DCID 1/22, Technical Surveillance Countermeasures, (TSCM) and DCI procedural guides issued in accordance with DCID 1/22. Overseas facilities require initial TSCM.) Briefings on technical penetration threats shall be provided to personnel working within SCIFs.

4.2 Compromising Emanations Control Security (TEMPEST). All equipment used to transmit, handle, or process SCI electronically, including communications, word processing, VCRs, TV monitors, facsimile machine, and automated information systems equipment, must satisfy the requirements of NTISSP 300, National Telecommunications and Information Systems Security Policy and NTISSI 7000, TEMPEST Countermeasures for Facilities (or successor policies) in the most efficient, cost effective manner possible.

4.3 Automated Information Systems (AIS) Security. All AIS and networks used for processing, handling, or storing SCI shall be operated and secured in compliance with DCID 1/16, Security Policy for Uniform Protection of Intelligence Processed in Automated Information Systems and Networks or successor document.

5.0 SCI INFORMATION SERVICES CENTERS AND SECURITY OFFICIALS

5.1 SCI Special Security Offices and/or Control Centers. SCI Special Security Offices and/or Control Centers, as appropriate, shall be established to serve as the focal point(s) for the receipt, control, and accountability of SCI, and other SCI security functions for one or more SCIFs in the local area. The number of such offices and/or centers shall be determined locally on the basis of practicality, number of SCIFs to be serviced and organizations involved.

5.2 SCI Special Security/Control Officers. Appropriately SCI-indoctrinated special security officers and/or SCI control officers and alternates thereto, shall be designated to operate each SCI Special Security Office and/or Control Center. Such officials shall normally have day-to-day SCI security cognizance over their offices/ centers and subordinate SCIFs, if any, for that SCI authorized to be handled by organizations served by them. Responsible SOICs shall ensure appropriate training in SCI security policy and procedures is provided their SCI special security/control officers and other SCI registry/security personnel. SCI Special Security/Control Officers shall provide advice and assistance on SCI matters to their organizations and other activities being supported, consistent with specific responsibilities assigned by their SOICs. This may include one or more of the following:

6.0 INFORMATION SECURITY

6.1 Standard Classification Marking Requirements. Standard security classification markings (to include classification authority and declassification markings) shall be applied to SCI according to the Executive Order 12356 National Security Information or successor document and Executive Branch implementing directives. Classification guides issued by program managers shall be used in classifying SCI. NOTE: Section 6.4.3 specifies waiver situations when the sponsoring SOIC deems them appropriate based upon the nature of the material and the protection it is being afforded.

6.2 SCI Caveats, Codewords, and Designators. The bottoms of all pages of SCI hard copy documents shall be marked with the applicable SCI control system caveats. The front and back covers of bound documents shall also be appropriately marked with the proper SCI system caveats. Whenever practicable, front and back covers shall bear the color code bar(s) for the system(s). If the material is to be controlled in only one SCI control system, mark it as follows:

6.3 Dissemination Control Markings. When applicable to their information content, SCI documents shall be marked with the dissemination control markings in the manner prescribed by DCID 1/7, Security Controls on the Dissemination of Intelligence Information.

6.4 Portion Marking. Each copy of an SCI document shall, by marking or other means, indicate: (1)which portions are classified, with the applicable classification level, and which portions are not classified; and (2) which portions require SCI codewords, caveats, program designators, or DCID 1/7 control markings.

6.5 Letters or Memoranda of Transmittal and Facsimile Transmission.

6.6 SCI Document Accountability Numbers (DAN). Originators shall assign a DAN to those SCI documents approved by the SOIC as accountable. Blocks of numbers will be assigned to SOIC's by the CIA or by a SOIC's SCI Information Services Center (as appropriate). DANs shall be placed in the designated block on cover sheets, on the front cover and title page (if any), and all succeeding pages. Any retrieval or configuration management number used for information management purposes may be assigned to a document but should not be considered a security control or protection mechanism.

6.7 Specialized Media Labeling Requirements for SCI.

6.8 Cover Sheets. When it is necessary to guard against unauthorized disclosure to persons not possessing appropriate SCI accesses, separate cover sheets shall be used on SCI documents. When sending SCI material to another agency, appropriate cover sheets shall be used. Cover sheets shall show, by color or other immediately recognizable format or legend, what SCI control system or combination of systems apply, the classification, and other applicable markings.

6.9 SCI Policy. It is the DCI's policy to eliminate document accountability as a routine security protection measure. SCI security or control officers responsible for SCIFs shall maintain records, manual or electronic (bar codes), of external receipt and dispatch sufficient to investigate loss orcompromises of SCI documents during transmittal.

6.10 Temporary Release of SCI Outside a SCIF. When operational needs require SCI to be released for processing or temporary use by SCI-indoctrinated persons in non-SCI-accredited areas, such release shall only be accomplished with the consent and under the supervision of the responsible SCI security/control officer. The responsible officer shall obtain signed receipts for SCI released in this manner and shall ensure that conditions of use will provide adequate security until the SCI is returned to SCIF.

6.11 Audits and Inventories for Accountable Documents. SOICs shall arrange for SCI security/control officers, to conduct such periodic reviews of SCI held by organizations under their cognizance, and will ensure that proper accountability is being maintained and that SCI is destroyed when no longer needed. SOICs may require the inventory of accountable SCI within activities under their cognizance.

6.12 Reproduction. Reproduction of SCI documents shall be kept to a minimum consistent with operational necessity. Copies of documents are subject to the same control, accountability, and destruction procedures as the originals. Stated prohibitions against reproduction shall be honored. CSAs will ensure that equipment used for SCI reproduction is thoroughly inspected and sanitized before equipment is removed from a SCIF.

6.13 Transportation/Transmission. SCI shall be transmitted from one SCIF to another in a manner that ensures it is properly protected. Material hand-carried by a courier shall be transported in an approved container discretely marked with a notation such as "PROPERTY OF THE US GOVERNMENT TO BE RETURNED UNOPENED TO (name of appropriate organization and telephone number that will be manned at all times)." A briefcase with a locking device can serve as an outer wrapper. No inner wrapper is required if SCI is transported between SCIFs within the same building. If a briefcase is used, an unobtrusive luggage tag will be used and contain the aforementioned notation/information.

6.14 Destruction of SCI. SCI shall be retained for the time peiiods specified in records control schedules approved by the Archivist of the United States (44 U.S.C. 33 and FPMR 101-11.4). Destruction Records for an accountable SCI document shall be retained in a master record. Duplicate information and other non-recorded copies of SCI documents shall be destroyed as soon as possible after their purpose has been served. Destruction shall be accomplished in a manner that will preclude reconstruction in intelligible form. Only those DCI approved methods (e.g., burning, pulping, shredding, pulverizing, melting, or chemical decomposition, depending on the type of material to be destroyed) specifically authorized may be used. Destruction of data shall be assured by an appropriately indoctrinated person(s). For situations such as high volume or bulk destruction of accountable data, or when the destruction of accountable data is external to a SCIF, the responsible senior security officer or designee may determine that two personnel are appropriate. SCI in computer or automated information systems or other magnetic media shall be "destroyed" through erasure by approved degaussing equipment or by executing sanitization procedures specified in the Guide to Understanding Data Remanence in Automated Information Systems, (NCSC-TG-025), September 1991, or successor publication.

7.0 CONTRACTOR/CONSULTANT SECURITY

7.1 Policy. Basic DCI policy on release of foreign intelligence to conractors and consultants (hereinafter contractors) is contained in paragraph 7, of DCID 1/7, Security Controls on Dissemination of Intelligence Information. Specific release provisions should be included in any control system manuals and regulations. SCI may be released by SOICs to U.S. Government contractors according to the following instructions.

7.2 Foreign Ownership, Control, or Influence (FOCI).

(This Section remains the same as found in DCID 1/19 dated 19 February 1987. Any changes in FOCI are to be determined by the Security Policy Board and will be incorporated at a later date.)

8.0 LEGISLATIVE BRANCH ACCESS TO SCI

8.1 Policy

8.2 Verification Requirement. The DCI's OCA will verify, in coordination with program managers and on behalf of the DCI, the need of persons in the legislative branch, other than members of Congress, for SCI access. Verifications shall be based on such persons' job responsibilities in the following areas:

8.3 Access Approval Procedures

8.4 Handling and Storage of SCI.

8.5 Marking SCI Released to Congress. SCI being prepared for release to members of Congress and Congressional committees shall be marked with all applicable classifications, SCI caveats, codewords, project indicators, and DCID 1/7 control markings. The term "SENSITIVE" may not be used instead of, or in addition to, SCI markings, as it does not convey the nature or extent of the sensitivities involved. Releasing agencies shall ensure, through their legislative offices or comparable elements, that Congressional committee staff employees, through their legislative offices or comparable elements, that Congressional committee staff employees, and employees of the Library of Congress and the General Accounting Office, have clearances and SCI access authorizations appropriate for receipt of the material involved. Releasing agencies also shall ensure that SCI being provided legislative branch components is stored in accredited SCIFs.

9.0 JUDICIAL BRANCH ACCESS TO SCI

9.1 Policy. Pursuant to the Classified Information Procedures Act of 1980 (CIPA) Public Law 96-456, 94 Stat. 2025 18 U.S.C. Appendix 4) and the "Security Procedures Established Pursuant to Public Law 96-456, 94 Stat. 2025 18 U.S.C. Appendix 4, By The Chief Justice of the United States For The Protection of Classified Information," dated 12 February 1981, arrangements for the care, custody, and control of SCI material involved in any Federal criminal case shall be the responsibility of the Department of Justice (DoJ) Security Officer in coordination with the appropriate executive branch agency security representative.

9.2 SCI Access Requirements. Requirements for SCI access approvals shall be provided to the security officer who shall notify the DoJ Security Officer. The DoJ Security Officer shall coordinate requirements with agencies/program managers involved.

9.3 SCI Access Eligibility Determination Procedures. SCI access will be authorized by the DoJ Security Officer, who is responsible for adjudicating the results of investigations required by DCID 1/14.

9.4 Handling and Storage of SCI. Matters pertaining to the handling, storage, and disposition of SCI shall be coordinated with the security officer, who is responsible for ensuring that proper safeguarding procedures are established and that adequate storage is provided for the SCI pursuant to the CIPA Security Procedures and this manual. These matters shall be coordinated with the US Intelligence Community entities originating the SCI involved in the case.

9.5 Additional Details. Additional details/information may be found in the CIPA and/or the Security Procedures, which may be obtained from the DoJ SSC. Any question concerning interpretation of the CIPA security procedures shall be resolved by the court in consultation with the DoJ Security Officer and the appropriate executive branch agency security representative.

10.0 SCI SECURITY INFRACTIONS, VIOLATIONS, COMPROMISES, AND UNAUTHORIZED DISCLOSURES

10.1 Reporting Responsibilities. SOICs shall ensure that persons under their cognizance are initially instructed and periodically reminded to report to their respective SCI Security/Control Officer:

10.2 Investigations. SOICs shall establish procedures within their organizations to ensure that all security violations, infractions, compromises, and unauthorized disclosures of SCI occurring in areas subject to their jurisdiction are properly investigated. Investigations shall be designed to determine if there is a reasonable likelihood that a compromise of SCI may have occurred, the identity of the person(s) responsible for the unauthorized disclosure, and the need for remedial measures to preclude a recurrence. The adjudication of security incidents will apply a risk-based analysis which will assess intent, location of incident, risk of compromise sensitivity of information, and mitigating factors.

10.3 Corrective Action. Investigating officers shall advise cognizant SOICs of weaknesses in security programs and recommend corrective action(s). SOICs are responsible for ensuring that corrective action is taken in all cases of actual security violations and compromises. Administrative actions imposed in cases of demonstrated culpability shall be recorded in security files of the responsible SOIC. Except in instances where immediate action is necessary, an individual found responsible for a security incident will be afforded the opportunity to argue in their defense prior to the implementation of administrative action. Remedial actions according to the severity of the incidents may be applied by the SOIC. These options may include, but are not limited to: oral counseling; written reprimand; suspension without pay for a period of one or more days, and a written reprimand; termination of employment. Security deficiencies determined to have contributed directly to the incident shall be corrected if possible. If not, full details and recommendations on corrective measures shall be provided to the DCI by the responsible SOIC.

11. PROGRAM SECURITY REVIEWS

11.1 Policy. Those SOICs responsible for accrediting the SCIF and/or for the information therein shall be responsible for a periodic reviews based on risk management principle. Program security reviews shall be performed by persons knowledgeable of SCI storage, control procedures, and shall be designed to confirm that procedures and safeguards implement the applicable DCIDs. Contractors are encouraged to conduct self-reviews to identify the efficiency of their security program. Review results shall be retained in the files of both the accrediting and accredited organizations. In order to avoid duplication, every effort shall be made to accept security reviews by other joint users of the SCIF for validation of security compliance. These reports shall identify any deficiencies found and the status of actions taken to correct them. The security review reports shall be made available to the DCI or his/her designee upon request.


Original Classification: UNCLASSIFIED
Approved for Release: DEC 2001
MORI DocID: 628981
Courtesy of Jeffrey Richelson