SECURITY ARRANGEMENTS FOR MULTI-NATIONAL
ARMAMENT COOPERATION PROGRAMS
In 1986, the Department of Defense began working with the security officials from all the NATO member nations, except Iceland, in a continuing effort to develop and issue common security practices and procedures for application in multi-national armament cooperative programs that are not managed under NATO rules. The Multinational Industrial Security Working Group (MISWG) which was established to support this effort meets on a regular basis to identify common security-related issues, agree on attainable objectives and develop policies and procedures that will work within the framework of each member nationís security system. Once a year, the Senior Security Officials from each member nation convene to review the efforts of the Working Group, discuss specific proposals and decide on their adoption. Upon approval, these policies and procedures are published as numbered documents that may be used as guidelines for multi-national cooperative programs which are not commonly funded or managed by NATO and therefore not administered under NATO regulations. They may be used for bilateral and other programs. They also may be used in programs with other nations. In the latter case, the documents will have to be modified to delete the NATO references and accommodate specific program requirements. A brief description of the MISWG documents is provided in the following subsections. Several of the documents are provided as appendices. It is important to note that each government that is party to a contract or agreement, or that has legal jurisdiction over information involved, will have to agree to the use of the procedures. They, therefore, should participate in the preparation of program or project documents that are based on the procedures. Also, the documents are guides: they must not be referenced as an official document in agreements or contracts. Each document is to be used to tailor security procedures that implement general security requirements of agreements and contracts, or as required by a TA/CP. In some cases, procedural language might be suggested; it may be used in whole or in part, as applicable.
B. PROGRAM DOCUMENTS
1. Arrangements For The International Hand Carriage Of Classified Documents, Equipments And/Or Components. These arrangements provide an exception to transmitting classified material through government channels. In order to meet an urgent need to transfer documents and small items of hardware between contractors in connection with a government project, program or contract, these special arrangements may be used on a case-by-case basis with approval of each Designated Security Authority. An urgent situation is one when official government channels are not available or their use would result in a delay that would adversely affect performance on the project, program or contract to an unacceptable degree, and it is verified that the information is not available at the intended destination. The arrangements apply to the hand-carriage by an appointed courier of classified documents and hardware that are of such size, weight and configuration the courier can maintain personal control over them at all times. The highest classification must not exceed SECRET and the documents and hardware must have been authorized by the responsible Government agency for release in conjunction with the project, program or contract. The procedures applicable to this document are discussed in detail in this Chapter and Appendix K.
2. Use Of Cryptographic Systems. These procedures (Appendix L) provide for the electrical transmission, using approved crypto systems, of classified information across international borders by participating governments and contractor organizations in support of a government project program or contract. The use of such equipment will be authorized on a case-by-case basis by National Security Authorities when there is a compelling requirement.
3. Security Clauses. These clauses are tailored for the typical international agreement. The IAG clause data base maintained by the Navy International Programs Office (IPO) should be consulted for the appropriate clauses (see Chapter 5, subsection C.7.)
4. Program Security Instruction. Appendix N provides a sample standard format for a Program Security Instruction (PSI).
a. The PSI is supplementary to the national security rules of the participants under which classified information and material are normally protected. It should be used to reconcile differences in national policies so that standard procedures will be used for the program/project and to consolidate in a single security document the other security arrangements for a project, program or contract (e.g., hand carriage, transportation plan, etc.). When a program or project involves the use of both national and NATO procedures, special attention must be given to differences in the procedures, particularly with regard to access control.
b. The minimum elements of information to be provided for each section are described, and in some cases, suggested language is provided. These descriptions and suggested language are for guidance only. However, it is advised that the guidance be followed because the suggested format and procedures have been agreed upon by many nations. Additional requirements may apply depending on the size and complexity of the program/project, sensitivity of the information involved, and any extraordinary security requirements that may be determined by the foregoing factors.
c. The decision on the specific procedures to use is one that requires an understanding of the overall organization and requirements for the program or project. Program managers and participating contractors must ensure that security and technology transfer personnel are provided this information. The agreement and TA/CP also must be consulted. The final decision on which procedures to use is thus a joint decision. Consideration should be given to the establishment of a security team to develop the PSI. The team should be comprised of representatives from all participating governments and contractors. When several sets of procedures are determined to be necessary, they should be consolidated in a program security instruction.
5. Procedures For The Protection Of Restricted Information. This document (Appendix N) provides agreed procedures for handling RESTRICTED information. Participating countries which have a classification level of RESTRICTED will so mark their documents appropriately. The participating countries that do not have a classification level of RESTRICTED will apply an identification marking (it may be a national classification marking) which appears in the "Security Classification Guide" and the "Comparison of National Security Classification Markings" appended to the PSI. Whatever the markings may be, they must provide for the information a degree of protection no less stringent than that provided by the control procedures described in MISWG Document Number Six. The United States applies a CONFIDENTIAL marking to this category of material.
6. International Visit Procedures. This document (Appendix P) covers international visit procedures for both government and contractor personnel. It provides standard procedures for onetime and recurring visits, emergency visits and a standard request form for visit requests. It contains a table which gives the number of working days prior to the date of the onetime visit or the date of the first recurring visit that the request must be in the possession of the receiving NATO member nation National Security Authority or Designated Security Authority. See also Chapter 7 of this handbook.
7. Controlled Unclassified Information. The clauses (Appendix P) cover the handling of controlled unclassified information exchanged between governments or generated under an international program. Using the clauses, the section of the MOU dealing with controlled unclassified information must properly cross-reference the security, third-party sales and transfers, and disclosures and use of program information sections of the MOU (See Chapter 5, of this handbook).
8. Security Education And Awareness. This document (Appendix R) provides guidance for security education and awareness programs. When used in connection with an international program, the guidance may be tailored to the program and incorporated into the PSI. Individual security education plans should be tailored to fit the specific requirements of each program or project. Some programs/projects may not require elaborate security education and awareness plans because of their limited size or duration.
9. Transportation Plan For The Movement Of Classified Material. When international programs involve the use of commercial carriers and freight forwarders to move classified material between participants, comprehensive transportation plans are required. Work on the transportation plan should be initiated early in the security planning process. Transportation plans must be approved by the National Security Authorities/Designated Security Authorities of the involved countries prior to implementation. A discussion of the transportation plan is in Chapter 6, above and Appendix S. If several shipments are necessary under the same program, details of each shipment will be provided to interested parties, in a Notice of Classified Consignment.
10. Control Of Security Cleared Facilities. When a program or project involves the exchange of classified information, a record should be maintained of all facilities among which classified information is exchanged. The record is necessary to monitor the information flow. It also facilitates the implementation of security arrangements, such as visits, hand carriage and transportation. Appendix S provides instructions to the responsible Program/Project Office (RPO) on how to compile, distribute and amend the list of contractors and sub-contractors to whom classified information/material will be distributed.
11. Facility Security Clearance Information Sheet. Appendix U provides a sample format to be used for the quick exchange of information between National Security Authorities/Designated Security Authorities with regard to the facility security clearance of a facility involved or to be involved in classified tenders, conferences, contracts or subcontracts.
12. Automated Data Processing (ADP) Security Plan. Appendix V describes the responsibilities and procedures for the protection of classified information that is processed on automated data processing systems and/or networks, and describes the elements of information that should be included in each section.