[Back]

[Index]

[Next]

APPENDIX N

PROGRAM/PROJECT SECURITY INSTRUCTION

 

MULTINATIONAL INDUSTRIAL SECURITY WORKING GROUP

15 June 1989 MISWG DOCUMENT Number 5

(amended 25 June 1993)

 

PROGRAMME/PROJECT SECURITY INSTRUCTION

 

 

INTRODUCTION

 

The attached sample standard format for a Programme/Project Security Instruction (PSI) provides supplementary information to the security section of non-NATO Multinational Cooperative Defence Programme/Project Arrangements. The guidance contained in the PSI also supplements the guidance contained in the national security rules of the Participants under which classified information and material is normally protected. It should be used to reconcile differences in national policies so that standard procedures will be used for the Programme/Project. If, in exceptional circumstances, a Programme or Project involves the use of both national and NATO procedures, special attention must be given to differences in the procedures, particularly with regard to access control.

 

The minimum elements of information to be provided for each section are described, and, in some cases, suggested language is provided. These descriptions and suggested language are for guidance only. Additional requirements may apply depending on the size and complexity of the Programme/Project, sensitivity of the information involved, any extraordinary security requirements that may be determined by the foregoing factors or differences in the national policies of the Participants, and specific requirements set forth in the applicable Arrangement.

 

This standard format is not binding on the Participants, but it should be used in the Programme/Project Security Instruction whenever possible. When the term "Programme/Project" is used herein, the correct word should be selected as it appears in the applicable Arrangement.

 

(SAMPLE TITLE PAGE)

 

 

 

SECURITY INSTRUCTION

 

 

 

FOR

 

 

 

(INSERT NAME OF PROGRAMME/PROJECT)

 

 

 

ISSUED BY

 

 

 

(INSERT NAME

OF INTERNATIONAL PROGRAMME/PROJECT OFFICE)

 

 

 

(DATE)

 

(SAMPLE)

 

 

 

DISTRIBUTION LIST

 

 

 

 

 

PARTICIPANTS No. OF COPIES

 

 

(SAMPLE)

 

TABLE OF CONTENTS

 

SECTION PAGE

 

I. INTRODUCTION AND GLOSSARY

A. PURPOSE

B. AUTHORITY, RESPONSIBILITY, AND APPLICABILITY

C. GLOSSARY OF TERMS

 

II. SECURITY INSTRUCTIONS

A. GENERAL PRINCIPLES

B. PROGRAMME/PROJECT SECURITY CLASSIFICATION GUIDE

C. SECURITY CLASSIFICATION AND DISTRIBUTION MARKINGS

D. TRANSMISSION

E. BREACHES OF SECURITY AND LOSS OR COMPROMISE, OR POSSIBLE LOSS OR

COMPROMISE OF CLASSIFIED INFORMATION

 

III. RELEASE OF INFORMATION

A. UNILATERAL RELEASE

B. RELEASE OF INFORMATION TO NON-PARTICIPANTS OR THIRD PARTIES

C. RELEASE OF CLASSIFIED INFORMATION AT CLASSIFIED SYMPOSIA, SEMINARS,

AND CONFERENCES

D. PUBLIC RELEASE OF PROGRAMME/PROJECT INFORMATION

E. EXHIBITION AUTHORIZATION

F. DISTRIBUTION STATEMENTS

 

IV. INTERNATIONAL VISITS

 

V. SECURITY EDUCATION AND AWARENESS

 

VI. CONTROL OF SECURITY-CLEARED FACILITIES

 

VII. SUBCONTRACTING

 

VIII. ADDITIONAL CONTRACTOR OBLIGATIONS

 

 

ANNEXES

 

A. LIST OF PROGRAMME/PROJECT PARTICIPANTS AND PRIME CONTRACTORS

B. PROGRAMME/PROJECT SECURITY CLASSIFICATION GUIDE

C. COMPARISON OF NATIONAL SECURITY CLASSIFICATION MARKINGS AND

DISTRIBUTION STATEMENTS

D. ARRANGEMENTS FOR THE INTERNATIONAL HAND CARRIAGE OF CLASSIFIED

DOCUMENTS, EQUIPMENT AND/OR COMPONENTS

E. TRANSPORTATION PLAN

F. INTERNATIONAL VISITS

G. FACILITY SECURITY CLEARANCE (FSC) INFORMATION SHEET (FIS)

H. AUTOMATED DATA PROCESSING SYSTEM SECURITY PLAN

 

SECTION I

 

 

INTRODUCTION AND GLOSSARY

 

 

A. PURPOSE

 

To provide instructions on the classification and marking of information and material, release procedures, and other security arrangements for the (Insert name of the Programme/Project) in accordance with the provisions of the (Insert name of Programme/Project) Arrangement dated (Insert date of issue).

 

B. AUTHORITY, RESPONSIBILITY, AND APPLICABILITY

 

1. This Programme/Project Security Instruction (PSI) is issued by the (Insert International Programme/Project Office (IPO) or other responsible office) and is effective (Insert date of issue). This PSI has been approved by the National Security Authorities/Designated Security Authorities (NSAs/DSAs), as applicable, of the Participants. Requests for clarification of this PSI should be directed to the IPO (Insert other office, as applicable), which will coordinate as appropriate with the NSAs/DSAs, and provide a response. Proposed changes or revisions to this PSI also will be directed through the IPO to the NSAs/DSAs. Changes will not be made without approval of all NSAs/DSAs.

 

2. The NSA or DSA of each Participating Government listed at Annex A has overall responsibility to ensure national compliance with the security requirements of this Programme/Project. (NOTE: The NSAs/DSAs may designate a subordinate Cognizant Security Office to implement the PSI after it is approved. That office, and all other officials of organizations involved in the Programme/Project; e.g., Programme Managers and Security Officials, will be listed at Annex A).

 

3. This PSI applies to all government organizations, contractors, and subcontractors involved with the Programme/Project.

 

C. GLOSSARY OF TERMS

 

(NOTE: Definitions must be consistent with the Arrangement definitions.)

 

BACKGROUND INFORMATION

 

Information not generated in the performance of the Programme/Project.

 

CLASSIFIED INFORMATION

 

Information that requires protection in the interests of national security and is so designated by the application of a security classification marking.

 

COGNIZANT SECURITY OFFICE

 

The security office designated by a NSA/DSA to implement the industrial security requirements of the Programme/Project. This normally will be the cognizant industrial security office that is responsible for implementing a national industrial security program.

 

CONTROLLED UNCLASSIFIED INFORMATION

Unclassified information to which access or distribution limitations have been applied in accordance with national laws and regulations, and which will be marked and handled in accordance with this PSI.

 

DESIGNATED SECURITY AUTHORITY (DSA)

 

Government security office approved by national authorities to be responsible for the overall security aspects of this international Programme/Project.

 

DOCUMENT

 

Any letter, note, minute, report, memorandum, signal/message, sketch, photograph, film, map, chart, plan, stencil, carbon, typewriter ribbon, tape recording, magnetic recording, punched card/tape, chip and other forms of recorded information.

 

FOREGROUND INFORMATION

 

Information generated in the performance of the Programme/Project.

 

INFORMATION

 

Knowledge that can be communicated by any means.

 

INTERNATIONAL PROGRAMME/PROJECT OFFICE (IPO)

 

The programme office established for the management of the Programme/Project. (NOTE: Also may be referred to as Joint Program Office (JPO) or Programme/Project Management Office (PMO) depending on the organization of the Programme/Project and assignment of responsibilities.)

 

MATERIAL

 

Any item or substance from which information can be derived. This definition includes both documents, as defined above, as well as equipment.

 

NATIONAL PROGRAMME OFFICE

 

The programme office established in a participating country for the management of the national aspects of the Programme/Project.

 

NATIONAL SECURITY AUTHORITY (NSA)

 

The participating government entity responsible for national security policy guidance.

 

PARTICIPANTS

 

The signatories to the Arrangement concerning the cooperative Programme/Project.

 

PARTICIPATING CONTRACTORS

 

Contractors, subcontractors or other non-government entities authorized to take part in the Programme/Project and who are legally bound to comply with the Programme/Project Arrangement and this PSI.

 

PROGRAMME/PROJECT INFORMATION/MATERIAL

 

Classified or unclassified information provided to, generated in, or used in this Programme/Project regardless of form or type, including, but not limited to, that of a scientific, technical, business, or financial nature, and also including photographs, reports, manuals, threat data, experimental data, test data, designs specifications, processes, techniques, inventions, drawings, technical writings, sound recordings, pictorial representations, and other graphical presentations, whether in magnetic tape, computer memory, or any other form and whether or not subject to copyright, patent, or other legal protection.

 

THIRD PARTIES

 

Any person or other entity whose government or whose governing authority is not a participant in the Programme/Project.

 

 

SECTION II

 

SECURITY INSTRUCTIONS

 

A. GENERAL PRINCIPLES

 

1. All classified information exchanged, held, used, or generated in connection with this Programme/Project will be transmitted, stored, handled, and safeguarded in accordance with the national security laws and regulations of the Participants. Classified information and material will be released only to those establishments and individuals that have the requisite security clearances and an official need for access to the information or material and who meet all other necessary national security requirements.

 

2. The classification of all information used in the Programme/ Project will be in accordance with Section B., below, and the Programme/ Project Security Classification Guide at Annex B.

 

3. Classified information will be furnished only through government-to-government channels or channels approved by the NSAs/DSAs of the Participants as described in Section D., below. Upon receipt, it will either retain the classification assigned by the originator or be assigned a national classification by the receiving Participant which will ensure a degree of protection at least equivalent to that protection afforded by the classification assigned by the originator.

 

B. PROGRAMME/PROJECT SECURITY CLASSIFICATION GUIDE

 

1. Programme/Project Foreground Information that qualifies for security classification will be classified in compliance with Annex B. Any proposed change in the classification of elements of Foreground Information will be accepted only with the approval of all NSAs/DSAs and the IPO. If a change is accepted, the Classification Guide will be changed accordingly. Approved changes to the Security Classification Guide constitute authority to change security requirements accordingly.

 

2. In certain cases a compilation of information may justify security protection at a higher classification level than that shown on individual documents. When information is so classified, the reason will be stated on the document that contains the information.

 

3. The fact that the Programme/Project Information does not carry a security classification or distribution marking does not mean that it is automatically authorized for public release. All releases of Programme/Project Information require written authorization and will be handled according to Section III and Annex B.

 

4. Programme/Project Information must be identified as such in accordance with Annex C.

 

5. All Background Information will be classified or reclassified by the originating Participant in accordance with the laws or policies of the originating Participant. When the classification of Background Information is changed, the IPO and all NSAs/DSAs will be notified.

 

C. SECURITY CLASSIFICATION AND DISTRIBUTION MARKINGS

 

All Programme/Project classified documents will be marked with the appropriate classification.

 

(NOTE: Distribution markings may be used, as appropriate. If they are used, they also will be included at Annex C.)

 

D. TRANSMISSION

 

1. The standard method of transmitting classified information and material across international borders is through government-to-government channels. For this Programme/Project the government channels are listed below. (NOTE: Government channels to be used among the Participants must be described. These may be, for example, military courier, diplomatic pouch, or military postal or government communications channels.)

 

2. (NOTE: To meet an urgent need to transfer classified documents and equipment/components, hand carriage may be used. The procedures, if approved, will be commensurate with MISWG Document No. 1, "Arrangements for the International Hand Carriage of Classified Documents, Equipment and/or Components." That document must be modified for the specific Programme or Project.)

 

3. (NOTE: If the electronic transmission of classified information and material is anticipated, a plan must be included. Electronic transmission of Programme/Project information and material will be in compliance with MISWG Document No. 3 "Use of Cryptographic Systems." The Procedures, containing specific instructions, may also be attached as an Annex. If telemetry transmissions of classified information are involved (e.g., for flight tests), a plan for such activity must also be included.)

 

4. (NOTE: If an Automated Data Processing System (ADPS) plan is necessary, it should be in an Annex. The plan should be in compliance with MISWG Document No. 13.)

 

5. (NOTE: If the transmission of classified material as freight will be necessary, a Transportation Plan using MISWG Document No. 10, "Transportation Plan for the Transmission of Classified Material as Freight," should be included as an Annex.)

 

6. (NOTE: If Restricted information is involved in the Programme/Project, MISWG Document No. 6, "Protection of Restricted Information," will be used.)

 

E. BREACHES OF SECURITY AND LOSS OR COMPROMISE OR POSSIBLE LOSS OR COMPROMISE OF CLASSIFIED INFORMATION

 

1. All government organizations and contractors will report without delay any breaches of security and indications of loss, compromise, or possible loss or compromise of Programme/Project classified information. When the breach of security or loss or compromise involves a Participant establishment or contractor facility, the NSA or DSA of the establishment or facility that has custody of the information will be notified in writing. A copy of the notification will be provided simultaneously to the IPO, which will notify the other NSAs/DSAs, as applicable. When the loss or compromise occurs in the IPO area, all the NSAs/DSAs will be notified. Reports on the loss, compromise, or possible loss or compromise must include the following details:

 

a. a description of the circumstances;

b. the date or the period of the occurrence;

c. the date and place of discovery and the location of the occurrence;

d. the security classification and markings;

e. a brief description of the information based on the Programme/Project Security Classification Guide;

f. if the case concerns a document: originator, subject, reference, date, copy number, and language, etc...(Note: only official abbreviations are to be used);

g. an assessment of the likelihood of compromise; i.e., "certain," "probably," "possible," or "unlikely"; and,

h. a statement on whether the originator has been informed.

 

2. The NSA/DSA of the country that has custody of the information will be responsible for initiating the necessary investigation in coordination with any other NSA/DSA whose personnel or facilities were involved.

 

3. Upon completion of the investigation all NSAs/DSAs involved and the IPO will be notified of the results and corrective action taken by the NSA/DSA initiating action.

 

4. The NSAs/DSAs will deal with the breaches of security in accordance with the applicable national laws and regulations.

 

(NOTE: The NSAs/DSAs will agree on the reporting of compromises involving Restricted information.)

 

SECTION III

 

RELEASE OF INFORMATION

 

A. UNILATERAL RELEASE

 

Unilateral release of classified or unclassified Programme/Project Information or material to other than Programme/Project Participants and their contractors is prohibited without specific written approval. Requests or proposals for release will be handled according to the following paragraphs.

 

B. RELEASE OF INFORMATION AND MATERIAL TO NON-PARTICIPANTS OR THIRD PARTIES

 

No Programme/Project Information, except that which has been approved for public release (see paragraph C. below), or as specified in the Programme/Project Arrangement (NOTE: Include only if the Arrangement discusses the issue), may be released to non-Participants and/or their contractors without the prior written approval of the Participants. Requests for release to non-Participants or Third Parties or their contractors will be submitted through the IPO to the authorities who are responsible for release decisions in compliance with the (Insert the name of the Programme/Project) arrangement. (NOTE: If the arrangement does not cover this issue, specific procedures must be described. If the issue is covered in the arrangement, cite the section.)

 

C. RELEASE OF CLASSIFIED INFORMATION AT SYMPOSIA, SEMINARS, AND CONFERENCES

 

Speeches and presentations involving Programme/Project Information to be presented at symposia, seminars, and conferences, whether at government establishments, contractor facilities, or other properly approved venues, when personnel representing other than the Programme/Project Participants or their contractors are present, must be submitted simultaneously to the applicable NSAs/DSAs through the IPO for prior approval. The request for review and approval of the speeches and presentations must be submitted at least (insert number) calendar weeks before the date for which clearance is required. It will include the name of the requesting individual, date of presentation, nationality of non-participating representatives and the countries represented, title of the symposium or seminar, and other information that may be required by national regulations.

 

(NOTE: Specific channels and procedures must be described following the above guidance. In some cases the request may be submitted to an office other the NSA/DSA if national regulations so require.)

 

D. PUBLIC RELEASE OF PROGRAMME/PROJECT INFORMATION

 

Contractors will seek written approval for public release of all Programme/Project Foreground Information, including publicity material and material for open release at symposia, conferences, or exhibitions, through prescribed channels to the IPO. Contractors must ensure that subcontractors follow the same procedures. The IPO may reject such proposals without further recourse. Release authorization will generally be made following consultation with the NSAs/DSAs. All proposals that the IPO endorses are to be submitted to the appropriate NSA/DSA or other specified authorities of the Participants who would then grant release in accordance with national regulations. A minimum of (insert number) calendar weeks should be allowed for review of the proposal. Background Information to be publicly released by a company without reference to the Programme/Project will be cleared by the appropriate originating government authority in accordance with national regulations. An information copy of the clearance will be sent to the IPO. It is incumbent upon defence contractors or government organizations to screen all information submitted to them for public release to ensure that: (1) it is unclassified, (2) it is technically accurate, and (3) release will not be detrimental to national security or the Programme/Project.

 

(NOTE: Specific channels, authorities, and procedures must be described following the above guidance. National regulations may require approval by offices other than the NSAs/DSAs.)

 

E. EXHIBITION AUTHORIZATION

 

Contractors that display Programme/Project information and material at exhibitions must have available at each exhibition a copy of the document that provides authorization for the display. Contractors must ensure that all information on public display (e.g., at Air Shows, International Exhibitions, etc.) is displayed in the form in which it was officially authorized for release.

 

F. DISTRIBUTION STATEMENTS

 

(NOTE: Distribution statements may be used on Programme/Project documents to facilitate release decisions. Specific distribution statements normally would be included in an appropriate Annex, such as Annex C.)

 

SECTION IV

 

INTERNATIONAL VISITS

 

 

(NOTE: MISWG Document No. 7, "International Visit Procedures," should be used to prepare this section. The specific procedures that have been established to expedite visits among the parties and their contractor facilities will be described in this section. In all cases, recurring visit authorizations should be established for employees who will be required to make frequent, recurring visits to participating government and contractor facilities. The Government offices that will verify personnel clearances and approve visits should be listed at Annex A, together with the pertinent information on the company Security Officers.)

 

SECTION V

 

SECURITY EDUCATION

 

 

(NOTE: Persons who require access to Programme/Project classified information must be informed of their responsibilities and of the protection procedures for the safeguarding of such information. This section must describe the specific security matters on which the persons are to be briefed, particularly if there are unique procedures for this Programme/Project. The MISWG Security Education outline (MISWG Document No. 9) may be used for this purpose. The persons may be required to acknowledge the briefing by signing a briefing certificate. A more detailed briefing outline developed specifically for the Programme/Project may be included as an Annex. A sample briefing certificate, if used, also should be at an Annex.)

 

SECTION VI

 

CONTROL OF SECURITY CLEARED FACILITIES

 

 

(NOTE: MISWG Document No. 11, "Control of Security Cleared Facilities," will be used. The detailed information on facilities should be inserted as an Annex, if used).

 

 

 

 

SECTION VII

 

SUBCONTRACTING

 

A. DOMESTIC SUBCONTRACTS

 

1. Before entering into negotiations for a subcontract or order involving the release of Programme/Project classified information to a company in his/her own country, the Security Officer of the company letting the contract will ask his/her NSA/DSA or Cognizant Security Office, as applicable, for a Facility Security Clearance (FSC) verification for the potential subcontractor. The FSC Information Sheet at Annex G will be used.

 

2. The request for a FSC verification must include details of the highest level of classified information to be released, the nature and volume of the information, and an explanation of the need for the potential subcontractor to receive the information.

 

3. If a FSC verification is issued by the NSA/DSA and the classified subcontract is let, two copies of the subcontract (security related aspects only) will be forwarded to the NSA/DSA or Cognizant Security Office to enable the security performance of the subcontractor to be monitored.

 

B. INTERNATIONAL SUBCONTRACTS

 

1. Prior to letting a subcontract with a company in another participating nation, or outside any of the participating nations, the Security Officer of the company that wishes to let the subcontract will first obtain the approval of the IPO. The requirements above also will be required for such international subcontracts.

 

2. On receipt of the request for a FSC verification for precontract discussions, the NSA/DSA of the country in which the potential subcontractor is located will complete the reply section of the request for FSC form. Precontract discussions may take place after receipt of the reply.

 

3. If an international contract is let, two copies of the subcontract (security-related aspects only) will be passed from the placing company to its NSA/DSA. The NSA/DSA will then pass the security aspects to the NSA/DSA of the subcontractor who will make the necessary arrangements for the protection of all classified information released to the subcontractor under the subcontract.

 

 

 

 

SECTION VIII

 

ADDITIONAL CONTRACTOR OBLIGATIONS

 

 

(NOTE: Requirements to be assumed by the contractor that are not based on law or regulations must be a matter of contract obligation. Such contractual requirements, if applicable, may be listed in this section.)

 

 

ANNEX A

 

 

LIST OF PROGRAMME/PROJECT PARTICIPANTS

AND PRIME CONTRACTORS

 

 

I. NATIONAL SECURITY AUTHORITY/DESIGNATED SECURITY AUTHORITY

 

PARTICIPATING NAME/TITLE

COUNTRIES OF NSA/DSA ADDRESS TELEPHONE # TELEFAX #

(include country/city code)

 

 

II. COGNIZANT SECURITY OFFICES/DESIGNATED GOVERNMENT REPRESENTATIVES

 

PARTICIPATING NAME/TITLE

COUNTRIES OF POINT ADDRESS TELEPHONE # TELEFAX #

OF CONTACT (include country/city code)

 

 

III. INTERNATIONAL PROGRAMME/PROJECT OFFICE (IPO)

 

PARTICIPATING NAME/TITLE

COUNTRIES OF POINT OF ADDRESS TELEPHONE # TELEFAX #

CONTACT (include country/city code)

 

IV. NATIONAL PROGRAMME/PROJECT OFFICES (NPOs)

 

PARTICIPATING NAME/TITLE

COUNTRIES OF POINT OF ADDRESS TELEPHONE # TELEFAX #

CONTACT (include country/city code)

 

 

V. PARTICIPATING PROGRAMME/PROJECT PRIME CONTRACTORS

 

PARTICIPATING COMPANY NAME

COUNTRIES & NAME OF ADDRESS TELEPHONE # TELEFAX #

SECURITY (include country/city code)

OFFICER

 

ANNEX B

 

 

(INSERT NAME OF PROGRAMME/PROJECT)

 

 

 

SECURITY CLASSIFICATION GUIDE

 

 

ANNEX C

 

COMPARISON OF NATIONAL SECURITY CLASSIFICATION MARKINGS

 

 

PARTICIPATING TOP SECRET SECRET CONFIDENTIAL RESTRICTED

COUNTRY

 

 

 

(LIST AS APPROPRIATE)

 

(TO BE DETERMINED FOR EACH PROGRAMME/PROJECT)

 

 

(NOTE: See MISWG Document No. 1, "Arrangements for International Hand Carriage of Classified Documents, Equipment and/or Components," - Appendix A, Equivalent Security Classifications.)

 

DISTRIBUTION STATEMENTS

 

(NOTE: Distribution statements that may be used, are, for example, the following: (i) Programme/Project title; (ii) Distribution limited to Participants without prior consent of the Participants; (iii) Distribution limited to Participants and their Contractors; (iv) Public release authorized.)

 

 

ANNEX D

 

 

ARRANGEMENTS FOR THE INTERNATIONAL HAND CARRIAGE

OF DOCUMENTS, EQUIPMENT, AND/OR COMPONENTS

 

(LIST AS APPROPRIATE)

 

 

(NOTE: If required, arrangements can be established for the hand carriage of classified documents, equipment, and/or components between the countries of the Participants and their contractors. This arrangement should be based on MISWG Document No. 1, "Arrangements for International Hand Carriage of Classified Documents, Equipment and/or Components")

 

ANNEX E

 

TRANSPORTATION PLAN

 

 

(NOTE: See Document No. 10, "Transportation Plan for the Transmission of Classified Material as Freight," and Annex 1 to Document No. 10, "Notice of Classified Shipment.")

 

 

ANNEX F

 

INTERNATIONAL VISITS

 

 

(NOTE: See Document No. 7, "International Visit Procedures.")

 

 

ANNEX G

 

FACILITY SECURITY CLEARANCE (FSC) INFORMATION SHEET

 

(NOTE: See Document No. 12, "Facility Security Clearance Information Sheet (FIS).")

 

 

 

ANNEX H

 

AUTOMATED DATA PROCESSING SYSTEM SECURITY PLAN

 

 

(NOTE: See Document No. 13, "Guide for Preparing an Automated Data Processing System Security Plan.")