NORTH ATLANTIC TREATY ORGANIZATION (NATO) SECURITY PROCEDURES
1. This Chapter provides basic security requirements necessary to comply with the procedures established by the U.S. Security Authority for the North Atlantic Treaty Organization (USSAN) for safeguarding NATO information involved in international programs. DoD Directive 5100.55 (reference hhh) contains the Terms of Reference designating the Secretary of Defense as the USSAN for the U.S. Government. The requirements of this Chapter as consistent with USSAN Instructions 1-69 and 1-70 implemented by DoD Directive 5100.55 and DoD Instruction C-5220.29 (reference iii), and the NISPOM (reference aa). The foregoing documents must be consulted for specific details.
2. Classification Levels. NATO security regulations prescribe four levels of security classification, COSMIC TOP SECRET (CTS), NATO SECRET (NS), NATO CONFIDENTIAL (NC), and NATO RESTRICTED (NR). The terms COSMIC and NATO indicate that the material is the property of NATO. Another marking, "ATOMAL," is applied to U.S. RESTRICTED DATA or FORMERLY RESTRICTED DATA and United Kingdom Atomic Information that have been released to NATO. ATOMAL information is marked COSMIC TOP SECRET ATOMAL(CTSA), NATO SECRET ATOMAL (NSA), or NATO CONFIDENTIAL ATOMAL (NCA).
3. Access Requirements
a. DoD and contractor employees may have access to NATO classified information only when access is required in support of a U.S. or NATO program which requires such access (i.e., "need-to-know").
b. Access to NATO classified information requires a final DoD personnel clearance (except for RESTRICTED) at the equivalent level and a NATO briefing as described in section D., below. A security clearance is not required for access to NATO RESTRICTED information. (See also Section D, below.)
c. Foreign nationals of non-NATO nations may have access to NATO classified information only with the consent of the NATO Office of Security. Requests with complete justification, as described in the NISPOM, will be submitted to the USSAN through the CSO. Access to NATO classified information involved in NATO contracts may be permitted for citizens of NATO member nations provided they have the requisite security clearance, they have been briefed as described in section D., below, and the contracting NATO organization, staff, command or agency approves such access.
B. NATO FACILITY AND PERSONNEL CLEARANCE REQUIREMENTS
1. A NATO Facility Clearance Certificate is required for any contractor to negotiate or perform on a NATO classified contract or subcontract. A U.S. contractor qualifies for a NATO facility clearance if it has an equivalent U.S. clearance, its personnel who require access have been briefed on NATO procedures and the requirements of the NISPOM are met. The Defense Industrial Security Clearance Office (DISCO) will provide the NATO Facility Clearance Certificate to the requesting NATO command or agency.
2. The NATO Facility Security Clearance Certificate is not required for DoD Component contracts that involve access to NATO classified information. It may be required by a NATO nation that provides NATO classified documents to a U.S. contractor in support of a non-NATO contract. However, all personnel that are to have access must be briefed in compliance with the requirements of section D., below, including the requirement for the briefing certificate, prior to having access to NATO classified information.
3. When a contractor becomes aware that a NATO Facility Security Clearance Certificate is required, through a request for proposal (RFP) or other announcement, the contractor should contact the applicable CSO for the assistance in obtaining the necessary certificate. Upon determining that the requirements of this Chapter are met, the CSO should request DISCO to forward the Certificate to the NATO contracting staff, command or agency. DISCO will notify the contractor when the NATO Facility Security Clearance Certificate has been issued.
C. NATO CONTRACTS
1. NATO contracts involving NATO-unique systems, programs or operations are awarded by a NATO Production and Logistics Organization (NPLO), a designated NATO Management Agency, a NATO Research Staff or a NATO Command. In the case of NATO infrastructure projects (e.g., airfields, communications, etc.), the NATO contract is awarded by a contracting agency or prime contractor of the NATO nation that is responsible for the infrastructure project.
2. Subcontracting under a NATO contract is to be handled in the same manner as classified U.S. contracts, except as noted below:
a. Prior to awarding a subcontract, prior written approval must be obtained from the NATO contracting agency.
b. The subcontractor must possess the requisite level of facility security clearance, employees that require access must be briefed on NATO procedures, and a NATO Facility Security Clearance Certificate must be issued prior to award of the subcontract. The contractor may sponsor a prospective subcontractor for a NATO facility clearance only after approval to subcontract has been obtained.
3. The contracting agency will provide classification guidance to the contractor. The guidance is in the form of a NATO security aspects letter and security requirements checklist for NATO contracts. It will be a DD Form 254 (Contract Security Specifications) or similar form for non-NATO contracts that involve access to NATO classified information. If the contractor does not receive adequate classification guidance, or is not able to obtain the guidance, the CSO should be contacted for assistance.
4. When DoD Components award contracts to develop documents that the DoD Component is to deliver to NATO, the DD Form 254 must contain a requirement for the contractor to provide a list that identifies the elements of U.S., NATO and foreign government information included in the documents and the source of the information (See subsection H.5., below).
D. NATO BRIEFINGS
1. Prior to having access to NATO classified information, contractor and government personnel must be given a NATO security briefing. The contractor FSO will initially be briefed by the CSO. Thereafter, the FSO shall ensure that the required briefings are administered to employees who require access to NATO classified information. Government employees and military personnel will be briefed by their security manager or a designee. The NATO briefing must cover security requirements and the consequences of negligent handling of NATO classified information. Annual refresher briefings will be conducted. When access to NATO classified information is no longer required, personnel will be debriefed, as applicable, and acknowledge their responsibility for safeguarding the NATO information. The briefing may be accomplished by requiring the person to read a documentary presentation and sign the certificate.
2. A record copy must be maintained of each annual briefing certificate until the next certificate is signed. The record of debriefings must be maintained for two years for NATO SECRET and NATO CONFIDENTIAL, and three years for COSMIC TOP SECRET and all ATOMAL.
3. Persons who travel to areas with special security risks must be briefed on security hazards which may be encountered and be requested to report any occurrence which may have security implications.
E. MARKING AND HANDLING NATO DOCUMENTS
1. Classified documents that are generated by a U.S. contractor under a NATO contract or prepared by a DoD Component specifically for release to NATO are to be marked as described in subsection A.2., above, and this section. (Note: Documents prepared pursuant to DoD Component and NATO member nation non-NATO contracts must be marked in compliance with section H., below.)
2. Normally NATO documents do not carry portion markings as are required for U.S. classified documents. Nevertheless, all classified documents created by U.S. contractors and DoD Components will be portion-marked.
3. The following markings, as applicable, will be applied to NATO documents that contain ATOMAL information:
a. "This document contains U.S. ATOMIC Information (RESTRICTED DATA or FORMERLY RESTRICTED DATA) made available pursuant to the NATO Agreement for Cooperation Regarding ATOMIC Information, dated 18 June 1964, and will be safeguarded accordingly." or
b. "This document contains UK ATOMIC Information. This information is released to the North Atlantic Treaty Organization including its military and civilian agencies and member states on condition that it will not be released by the recipient organization to any other organization or government or national of another country or member of any other organization without prior permission from H.M. Government in the United Kingdom."
4. NATO classified documents, and NATO information in other documents, may not be declassified or downgraded without the prior written consent of the originating NATO organization, command, agency or staff. Recommendations concerning the declassification or downgrading of NATO classified information are to be forwarded to the Central U.S. Registry (CUSR) via the CSO by contractors and via command or organizational channels by Government personnel.
5. Contractors and DoD personnel will not release or disclose NATO classified information to a third party, including subcontractors, without the prior written approval of the controlling organization, command, agency or staff. Requests are to be submitted direct to the contracting agency for DoD Component contracts. They will be submitted through the CSO for NATO contracts and non-NATO contracts awarded by a NATO member nation.
F. STORING NATO DOCUMENTS
NATO classified documents, except for NATO RESTRICTED, are to be stored as prescribed in DoD Directive 5100.55 and the NISPOM for U.S. documents of an equivalent classification level. However, NATO documents must not be co-mingled with U.S. or other documents and must be accounted for at all times. NATO RESTRICTED documents may be stored in locking filing cabinets, book cases, desks, or other similar locked containers that will deter unauthorized access.
G. INTERNATIONAL TRANSMISSION OF CLASSIFIED NATO DOCUMENTS
1. NATO has established a central distribution point for the receipt and distribution of NATO documents within each NATO member nation. The central distribution point for the United States is the Central U.S. Registry (CUSR) located in the Pentagon. The CUSR establishes subregistries at U.S. Government organizations for further distribution and control of NATO documents. Subregistries may establish control points and sub-control points as needed within their activities for distribution and control of NATO documents. COSMIC TOP SECRET, NATO SECRET and all ATOMAL documents must be transferred through the registry system. Other NATO classified information will be transferred as described below. Receipts are required for NATO material classified CONFIDENTIAL and above.
a. NATO Organization, Command, Agency or Staff Contracts. Contractors normally will receive and send NATO classified information related to the NPLO, NATO Management Agency, Research Staff or command contract through the CUSR, a subregistry, a control point or other office established at a DoD Component for this purpose. If instructions are not provided by the contracting agency, contractors should contact the CSO for guidance.
b. Infrastructure and non-NATO Contracts. Classified information involved in NATO infrastructure contracts or non-NATO contracts awarded by a NATO member nation will be transferred through channels described in Chapter 6 of this handbook.
2. COSMIC TOP SECRET, NATO SECRET, NATO CONFIDENTIAL and all ATOMAL documents must be double wrapped in the same manner as equivalent U.S. classified documents, except that the inner wrapper is to be marked with the appropriate NATO markings. NATO RESTRICTED documents do not required double wrapping.
3. The hand carrying of NATO SECRET, NATO CONFIDENTIAL, and NATO RESTRICTED documents across international borders may be authorized provided an urgent situation exists, as described in Chapter 6 of this handbook. However, when carrying NATO SECRET and NATO CONFIDENTIAL information, the courier must be issued a NATO Courier Certificate (Appendix J). A courier certificate is not required for NATO RESTRICTED information, but the courier must be informed of and acknowledge the procedures for handling the information. When handcarriage is authorized, the documents will be delivered to a U.S. organization at NATO, which will transfer the document(s) to the intended recipient (See subparagraph I.3.a., below). COSMIC TOP SECRET and ATOMAL documents may not be hand carried; they must be transmitted through the NATO document distribution system.
H. EXTRACTING FROM NATO DOCUMENTS
1. Except for COSMIC TOP SECRET and ATOMAL information, classified information may be extracted from NATO documents for incorporation into a classified document prepared for a U.S. or NATO nation non-NATO contract when the NATO documents have been provided in support of the contract under which the document is to be prepared. Contractors must obtain permission to extract from a COSMIC TOP SECRET or ATOMAL document from the CUSR through the CSO. Government personnel shall obtain permission from their local subregistry.
2. If extracts of NATO information are included in a non-NATO document produced by a U.S. contractor or DoD Component, the document will be marked with U.S. classification markings. The overall classification of the document will reflect the highest classification of the material, NATO or U.S., contained in the document. The caveat, "THE DOCUMENT CONTAINS NATO (LEVEL OF CLASSIFICATION) INFORMATION" also is to be marked on the front cover, or the first page if there is no cover, of the document. Additionally, each paragraph or portion containing the NATO information will be marked with the appropriate NATO classification marking, abbreviated in parentheses (e.g., NS) preceding the portion or paragraph. The "Declassify on" line of the document will show "Originating Agency Determination Required" or "OADR" unless the original NATO document shows a specific date for declassification. If information is extracted from NATO source material and U.S. source material that contain conflicting classification requirements, consult the CSO or DoD Component security manager, as appropriate.
3. The pages containing NATO portions are to be marked with a U.S. classification that reflects the highest level of classified information contained on the page. For example, if the page contains U.S. CONFIDENTIAL and NATO SECRET information, the highest overall classification would be SECRET. When all information on an internal page is NATO information, that page shall be marked with the highest NATO classification (e.g., NATO SECRET).
4. Extracted NATO RESTRICTED information may be included in U.S. unclassified documents provided the applicable marking requirements cited above are met. In addition, the U.S. document must be marked. "THIS DOCUMENT CONTAINS NATO RESTRICTED INFORMATION." The document must be controlled as described in DoD Directive 5100.55 and the ISM/NISPOM.
5. A list is to be maintained of all source documents from which extracts are included in the U.S. document. Contractors must provide a copy of this list to the contracting DoD Component.
6. Declassification or downgrading of NATO information in a U.S. document requires the approval of the originating NATO command, agency or office. Contractors are to submit requests through the CSO to the CUSR for NATO contracts, through the contracting DoD Component for U.S. contracts, and through the CSO for non-NATO contracts awarded by a NATO member nation. DoD Components will submit their requests directly to the CUSR. The response must be retained with the affected documents until they are returned to the originator, contracting agency or destroyed.
7. U.S. documents and documents prepared for a NATO nation in support of a non-NATO contract that contain NATO classified information are to be controlled, protected, and accounted for in the same manner as equivalent U.S. and foreign government classified documents. However, to the extent practicable, they should be stored and accounted for in such a manner that they are not commingled with other classified documents.
I. RELEASE OF U.S. INFORMATION TO NATO
1. Disclosure Authorization. The release of U.S. classified information to NATO requires an export authorization or other written disclosure authorization in compliance with Chapters 2 and 3 of this handbook. When a DoD Component awards a contract for the preparation of material that the DoD Component is to release to NATO, the Component must obtain the necessary disclosure authorization from an appropriate disclosure authority based on the list required pursuant to subsections C.4. and H.5., above.
2. Marking The Documents
a. When a document containing U.S. classified information is being specifically prepared for NATO, the appropriate NATO classification markings will be applied to the document only after the U.S. information contained in the document is authorized for release to NATO. If the information is to be provided pursuant to a NATO contract, the requirements of the NATO security aspects letter and security requirements checklist will be followed. However, if U.S. classification guidance for the U.S. information is not consistent with NATO classification guidance, the matter must be forwarded to the CSO for resolution. The U.S. classified information will be identified in the document by paragraph markings.
b. Documents prepared for NATO that contain U.S. classified information, and U.S. classified documents that are authorized for release to NATO, must be marked on the cover or first page, as applicable, "THE INFORMATION IN THIS DOCUMENT HAS BEEN AUTHORIZED FOR RELEASE TO (cite the NATO organization) BY (cite the applicable license or other written disclosure authorization.)" If there are restrictions on further dissemination, the restrictions also must appear on the document.
3. Transmission. The CSO will provide transmission instructions to the contractor. DoD Components will comply with Chapter 6. However, the following general rules apply:
a. The material must be addressed to a U.S. organization at NATO (e.g., U.S. Mission to NATO, U.S. National Military Representative to Supreme Headquarters Allied Powers Europe (SHAPE), U.S. Representative to NAMSA) which will place the material into NATO security channels. The material must be accompanied by a letter to the U.S. organization that provides the necessary transfer instructions and provides assurances that the material has been authorized for release to NATO. The material will be properly wrapped as described in the NISPOM and DoD Directive 5100.55 (reference hhh). However, the inner wrapper will be addressed to the intended NATO recipient; the outer wrapper shall be addressed to the U.S. organization at NATO.
b. Classified material to be sent to NATO via mail will be routed only through the U.S. postal service and U.S. military postal channels registered mail to the U.S. organization that will affect the transfer. The use of express mail is not authorized.
1. General. Except as described below, visits by DoD and defense contractor employees to NATO organizations and visits by NATO employees to DoD and defense contractor facilities are to be handled in accordance with Chapter 7 of this handbook. The DoD Component security office (for DoD employees) or DISCO (for contractors) will provide the required NATO certification of security clearance to NATO security authorities.
2. NPLO And NIAG Recurring Visits. NATO has established special procedures for recurring visits involving contractors, government departments and agencies, and NATO commands and agencies that are participating in the NPLO or NIAG contract or program. Recurring visits for these programs will be handled as follows:
a. The NATO Management Office or Agency responsible for the NPLO will prepare a list of government and contractor facilities participating in the program. For NIAG programs, the list will be prepared by the responsible staff element. The list will be forwarded to DISCO, which will forward it to the participating U.S. contractors and DoD Components for verification.
b. Each participating contractor and DoD Component will prepare a visit request listing all personnel who will be required to participate in international visits in connection with the program. See Appendix P for the visit request format.
c. The visit request will be submitted to DISCO or the DoD Component security office (as applicable) for security clearance verification and will then be forwarded to the sponsoring NATO organization and other National Security Authorities of participating NATO member nations. For DoD contractors the request will be forwarded by DISCO; DoD Component requests will be forwarded according to DoD procedures. Visit requests received by DISCO from other national Security Authorities will be forwarded to the participating U.S. contractors and DoD Components. Upon receipt of these visit requests, direct visit arrangements may be made between the security offices of the participating contractors and government organizations. To arrange the direct visits, a visit notification containing the purpose of the visit, the proposed date(s) of the visit, the name(s) of the visitor(s), the serial number on the appropriate facilities list, and the person to be visited will be forwarded direct to the facility to be visited at least 72 work-day hours in advance of the proposed visit. This may be accomplished by electronic message or telefax.
d. Contractors and DoD Components must notify DISCO when a person listed on the original visit authorization no longer requires access. DISCO will also be notified through individual visit requests, using the prescribed format, of any persons who must be added to the block list.
e. A separate visitor record for NATO visits, including those U.S. personnel assigned to NATO, shall be maintained by contractors for three years in compliance with the NISPOM.