Safeguards and Security Division Staff and Responsibilities

 

Collis Woods

Director, Safeguards and Security Division (SC-31.3)

Collis.Woods@science.doe.gov

 

Walter Dykas Walter.Dykas@science.doe.gov

Yvette Bowser Yvette.Bowser@science.doe.gov

Specific Duties

Program Management

Information Security

Cyber Security

Mark Thornock Mark.Thornock@science.doe.gov

Cynthia Williams Cynthia.Williams@science.doe.gov

Specific Duties

Program Management

Protective Forces

Security Systems

Material Control and Accountability

Carolyn Murphy Carolyn.Murphy@science.doe.gov

Lucretia Johnson Lucretia.Johnson@science.doe.gov

Tara Washington Tara.Washington@science.doe.gov

Specific Duties

Program Management

Personnel Security

Foreign Visits and Assignments

Contractor Badges

Nancy Day Nancy.Day@science.doe.gov

Specific Duties

Program Analyst

General Responsibilities of All Staff

 

Office of Safety, Security and Infrastructure (SC-31)

U.S. Department of Energy Headquarters

1000 Independence Avenue

Washington, DC  20585-1290

Tel: 301-903-4097

Fax: 301-903-7047

 

 

 

Responsible Staff

Function

Requirements

Specific Duties

Walter Dykas

 

Yvette Bowser

Cyber Security

 

P.L. 104-106  Clinger-Cohen Act (formerly the Information Technology Management Reform Act [ITMRA] of 1996)

PCSP  Program Cyber Security Plan (PCSP)

DOE Directives Ensure Incorporation into DOE Office of Science Management System (SCMS); Solicit and Coordinate Site and Comments

DOE O 200.1  Information Management Program

DOE M 200.1-1  Telecommunications Security Manual

DOE M 200.1-1 (Chapter 9)  Public Key Cryptography and Key Management (Unclassified)

DOE O 200.2  Information Collection Management Program

DOE N 203.1  Software Quality Assurance

DOE O 203.1  Limited Personal Use Of Government Office Equipment Including Information Technology

DOE N 203.9  Certification and Accreditation Process for Information Systems Including National Security Systems

DOE P 205.1  Departmental Cyber Security Management Policy

DOE O 205.1  Unclassified Cyber Security Program

DOE M 205.1-1  Incident Prevention, Warning, and Response (IPWAR) Manual

DOE M 205.1-2  Clearing, Sanitization, and Destruction of Information System Storage Media, Memory Devices, and Related Hardware Manual

DOE M 205.1-3  Telecommunications Security Manual

DOE M 205.1-4  Cyber Security Process Requirements Manual; National Security System Manual

DOE M 205.1-5  Cyber Security Process Requirements Manual

DOE M 205.1-8  Cyber Security Incident Management Manual

DOE N 205.2  Foreign National Access To DOE Cyber Systems

DOE N 205.3  Password Generation, Protection, and Use

DOE N 205.6  Extension of DOE Directive on Cyber Security

DOE N 205.8  Cyber Security Requirements For Wireless Devices and Information Systems

DOE N 205.9  Certification and Accreditation Process for Information Systems Including National Security Systems

DOE N 205.10  Cyber Security Requirements for Risk Management

DOE N 205.11  Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems

DOE N 206.3  Personal Identity Verification

DOE P 226.1  Department of Energy Oversight Policy

DOE O 226.1  Implementation of Department of Energy Oversight Policy

DOE O 226.1A  Implementation of Department of Energy Oversight Policy

DOE O 241.1A, Change 1  Scientific and Technical Information Management

DOE N 251.67  Extension of DOE N 206.3

DOE O 470.2B  Independent Oversight and Performance Assurance Program

DOE O 470.4  Safeguards and Security Program

DOE M 470.4-4  Information Security

DOE M 471.1-1 Chng 1  Identification and Protection of Unclassified Controlled Nuclear Information Manual

DOE O 471.1A  Identification and Protection of Unclassified Controlled Nuclear Information

 

DOE M 471.2-2  Classified Information Systems Security Manual

DOE M 471.2-4  Technical Surveillance Countermeasures (Official Use Only)

DOE O 471.3  Identifying and Protecting Official Use Only Information

DOE M 471.3-1  Manual for Identifying and Protecting Official Use Only Information

DOE O 475.1  Nuclear Counterterrorism Program

DOE O 1450.4  Consensual Listening-In to or Recording Telephone/Radio Conversations

DOE Directives with Shared Components

DOE SC Documents

DOE Guidance Documents Ensure Incorporation into DOE SC-SCMS; Solicit and Coordinate Field and Site Comments to Changes

DOE CG-SS-6  Classification and UCNI Guide for Safeguards and Security Information (Official Use Only)

DOE G 200.1-1  Software Engineering Methodology

DOE G 205.1-1  Cyber Security Architecture Guidelines

DOE G 205.2-1  Guide To Preventing Computer Software Piracy

DOE G 205.3-1  Password Guide

DOE G 241.1-1A  Guide To The Management Of Scientific and Technical Information

DOE G 413.3-14  Information Technology Project Guide

DOE G 471.3-1  Guide to Identifying Official Use Only Information

DOE-STD-4001-2000  Design Criteria For Electronic Management Software Applications

NIST SP 800-18, Revision 1*   Guide for Developing Security Plans for Federal Information Systems

NIST SP 800-26*  Security Self Assessment Guide for Information Technology Systems, and Revised NIST SP 800-26 System Questionnaire with NIST SP 800-53 References and Associated Security Control Mappings

NIST SP 800-30  Risk Management Guide for Information Technology Systems

NIST SP 800-34*  Contingency Planning Guide for Information Technology Systems

NIST SP 800-37*  Guide for the Security Certification and Accreditation of Federal Information Systems

NIST SP 800-40, Version 2*  Creating a Patch and Vulnerability Management Program

NIST SP 800-47*  Security Guide for Interconnecting Information Technology Systems

NIST SP 800-50*  Building an Information Technology Security Awareness and Training Program

NIST SP 800-53*, Revision 1  Recommended Security Controls for Federal Information Systems

NIST SP 800-59*  Guideline for Identifying an Information System as a National Security System

NIST SP 800-61*  Computer Security Incident Handling Guide

NIST SP 800-64, Revision 1*  Security Considerations in the Information System Development Life Cycle

NIST SP 800-65*  Integrating IT Security into the Capital Planning and Investment Controls Process

NIST SP 800-68*  Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist

NIST SP 800-73, Revision 1, and Errata Sheet*  Interfaces for Personal Identity Verification

NIST SP 800-76-1  Biometric Data Specification for Personal Identity Verification

FIPS PUB 199**  Standards for Security Categorization of Federal Information and Information Systems

FIPS PUB 200  Minimum Security Requirements for Federal Information and Information Systems

FIPS PUB 201-1**, Change Notice 1  Personal Identity Verification (PIV) of Federal Employees and Contractors

SCMS Information Technology Chapters:

3.2.6 Cyber Security

Duties:

o       Providing the vision and plan and administering the implementation and oversight for the SC Complex Cyber Security Program

o       Providing a measurable process to determine the health of the SC complex cyber environment and providing oversight

o       Establishing, implementing, and maintaining a comprehensive and effective Cyber/Computer Security Program to protect the Department’s classified and unclassified information and IT assets

o       Managing Cyber Security, a critical corporate program

o       Collaborating with the SC Information Officer, as a CIO, a technical authority, responsible for the Unclassified Cyber Security Program, network hardware, software, and operations

 

 

SCMS S&S, and Emergency Management Chapters:

3.2.1.4 Information Protection

3.2.1.5 Cyber Security

Duties:

o       Maintaining the Risk Assessment and Mitigation Plan

o       Maintaining the Office of Science (SC) Threat and Risk Statement

o       Requirements for Classified Systems

o       Monitoring Unclassified Systems

o       Monitoring Classified Systems

o       Identifying Cyber Security Requirements for Unclassified Systems

o       Identifying Cyber Security Requirements for Classified Systems

o       Performing Designated Approving Authority (DAA) Responsibilities

o       Preparing a Cyber Security Plan

o       Maintaining the Office of Science (SC) Program Cyber Security Plan (PCSP)

o       Cyber Incident

Information Security

o       Managing A Classified Matter Protection and Control (CMPC) Program

o       Implementing and Managing an Incident of Security Concern (IOSC) Program

o       Managing An Operations Security (OPSEC) Plan

o       Addressing and Identifying Foreign Ownership, Control, or Influence (FOCI)

o       Implementing the Homeland Security Presidential Directive (HSPD-12)

o       Implementing the Human Reliability Program (HRP)

o       Public Key Infrastructure (PKI)

o       Technical Surveillance Counter Measures

o       Identifying and Facilitating Classification Documentation

o       Preparation of the Continuity Program

o       Establishing RIS (Reporting Identification Symbols)

 

 

Mark Thornock

 

Cynthia Williams

Safeguards and Physical Security

P.L. 79-585  The Atomic Energy Act of 1946 (informally known as the McMahon Act)

P.L. 83-703 (68 Stat. 919)  The Atomic Energy Act of 1954

NIMS  National Incident Management System

NISP  National Industrial Security Policy

10 CFR 1046  Physical Protection of Security Interests

DOE O 142.1  Classified Visits Involving Foreign Nationals

DOE O 142.2A  Voluntary Offer Safeguards Agreement and Additional Protocol with the International Atomic Energy Agency

DOE O 142.3  Unclassified Foreign Visits and Assignments Program

DOE N 150.1  Continuity of Operations

DOE O 151.1C  Comprehensive Emergency Management System

DOE N 153.2  Connectivity To National Atmospheric Release Advisory Center (NARAC)

DOE M 200.1-1, Chapter 9  Public Key Cryptography and Key Management (Unclassified)

DOE M 205.1-3  Telecommunications Security Manual (Official Use Only)

DOE M 452.4-1A  Protection of Use Control Vulnerabilities and Designs

DOE O 457.1  Nuclear Counterterrorism

DOE M 457.1-1  Control of Improvised Nuclear Device Information (Official Use Only)

DOE P 470.1  Integrated Safeguards and Security Management (ISSM) Policy

DOE N 470.3  Reciprocal Recognition of Existing Personnel Security Clearances

DOE O 470.3A  Design Basis Threat Policy (Classified)

DOE O 470.4  Safeguards and Security Program

DOE M 470.4-1, Change 1  Safeguards and Security Program Planning and Management

DOE M 470.4-2, Change 1  Physical Protection

DOE M 470.4-3, Change 1  Protective Force

DOE M 470.4-4  Information Security

DOE M 470.4-6, Change 1  Nuclear Material Control and Accountability

DOE M 470.4-7  Safeguards and Security Program References

DOE M 471.1-1, Change 1  Identification and Protection of Unclassified Controlled Nuclear Information Manual

DOE O 471.1A  Identification and Protection of Unclassified Controlled Nuclear Information

DOE M 471.2-3A  Special Access Program Policies, Responsibilities, and Procedures (Official Use Only)

DOE M 471.2-4  Technical Surveillance Countermeasures Manual (Official Use Only)

DOE O 471.3  Identifying and Protecting Official Use Only Information

DOE M 471.3-1  Manual for Identifying and Protecting Official Use Only Information

DOE O 475.1  Counterintelligence Program

DOE M 475.1-1A  Identifying Classified Information

DOE O 5530.1A  Accident Response Group

DOE O 5530.2  Nuclear Emergency Search Team

DOE O 5530.3, Change 1  Radiological Assistance Program

DOE O 5530.4  Aerial Measuring System

DOE O 5530.5, Change 1  Federal Radiological Monitoring and Assessment Center

DOE O 5610.2, Change 1  Control of Weapon Data

DOE O 5639.8A  Security of Foreign Intelligence Information and Sensitive Compartmented Information Facilities

DOE O 5660.1B  Management of Nuclear Materials

DOE O 5670.1A  Management and Control of Foreign Intelligence

DOE G 151.1-1, Volume I,  Emergency Management Guide, Volume I: Introduction to the Emergency Management Guide

DOE G 151.1-1, Volume II,  Emergency Management Guide, Volume II: Hazards Surveys and Hazards Assessments

DOE G 151.1-1, Volume III,  Emergency Management Guide, Volume III: Program Elements (1)

DOE G 151.1-1, Volume IV,  Emergency Management Guide, Volume IV: Program Elements (2)

DOE G 151.1-1, Volume V,  Emergency Management Guide, Volume V: Administration and Training

DOE G 151.1-1, Volume VII,  Emergency Management Guide, Volume VII: Exercises

DOE G 473.2-1  Guide for Establishment of a Contingency Protective Force

DOE-STD-1091-96  Firearms Safety

DOE-STD-1171-2003  Safeguards and Security Functional Area (Qualification) Standard

DOE-STD-1177-2004  Emergency Management Functional Area Qualification Standard

 

 

SCMS S&S, and Emergency Management Chapters:

3.2 Key Functions/Services and Processes

3.2.1 SC Safeguards and Security

3.2.1.1 Program Management and Support

3.2.1.2 Protective Force

3.2.1.3 Physical Security

3.2.1.8 Nuclear Materials Controls and Accountability

3.2.2.1 Operational Emergency Program

3.2.2.2 Hazards Survey

3.2.2.3 Hazards Assessment

3.2.2.4 Radiological Assistance Program (RAP)

Duties:

o       Facility Establishment / Termination

o       Managing Nuclear Material Control and Accountability (NMC&A) Plans

o       Appointing a Facility Security Officer (FSO)

o       Terminating Registrations

o       Facility Operations

o       Implementing and Managing an Incident of Security Concern (IOSC) Program

o       Managing Nuclear Materials Management

o       Graded Safeguards Protection Policy (GSP)

o       International Atomic Energy Agency (IAEA) 100 SC Declarations

o       Special Access Program (SAP) Special Security Officer

o       Graded Safeguards Table (GST) 

o       HS Secure Telephone (STE) Inventory

o       Department of Homeland Security (DHS) Daily Threat Assessments

-          Terrorist Sponsoring Country Visits for Approval to Work at SC labs

-          Counterterrorism Daily Intel Review

o       Initiating Unlawful Intelligence Activities Reports (quarterly)

o       Conducting BioSurety Activities – Biweekly to Monthly

o       DOE Committee of Foreign Investment in the United States (CFIUS)

o       Biological Weapons Convention – Annually

o       Protection of Biological and Nano Assets – Biweekly

o       International and State Department Reviews - Biweekly

Carolyn Murphy

 

Lucretia Johnson

 

Tara Washington

Personnel Security

P.L. 79-585  The Atomic Energy Act of 1946 (informally known as the McMahon Act)

P.L. 83-703 (68 Stat. 919)  The Atomic Energy Act of 1954

NISP  National Industrial Security Policy

10 CFR 710  Criteria and Procedures for Determining Eligibility for Access to Classified Matter or Special Nuclear Material

NIST SP 800-76-1  Biometric Data Specification for Personal Identity Verification

DOE O 142.1  Classified Visits Involving Foreign Nationals

DOE O 142.2A  Voluntary Offer Safeguards Agreement and Additional Protocol with the International Atomic Energy Agency

DOE O 142.3  Unclassified Foreign Visits and Assignments Program

DOE N 150.1  Continuity of Operations

DOE P 470.1  Integrated Safeguards and Security Management (ISSM) Policy

DOE N 470.3  Reciprocal Recognition of Existing Personnel Security Clearances

DOE M 470.4-4  Information Security

DOE M 470.4-5  Personnel Security

DOE M 470.4-7  Safeguards and Security Program References

DOE M 471.1-1, Change 1  Identification and Protection of Unclassified Controlled Nuclear Information Manual

DOE O 471.1A  Identification and Protection of Unclassified Controlled Nuclear Information

DOE M 471.2-3A  Special Access Program Policies, Responsibilities, and Procedures (Official Use Only)

DOE M 471.2-4  Technical Surveillance Countermeasures (Official Use Only)

DOE O 471.3  Identifying and Protecting Official Use Only Information

DOE M 471.3-1  Manual for Identifying and Protecting Official Use Only Information

DOE O 475.1  Counterintelligence Program

DOE M 475.1-1A  Identifying Classified Information

DOE O 5610.2, Change 1  Control of Weapon Data

DOE O 5639.8A  Security of Foreign Intelligence Information and Sensitive Compartmented Information Facilities

DOE O 5670.1A  Management and Control of Foreign Intelligence

DOE G 241.1-1A  Guide to the Management of Scientific and Technical Information

DOE G 471.3-1  Guide to Identifying Official Use Only Information

FIPS 201-1, Change 1  Personal Identity Verification (PIV) of Federal Employees and Contractors

 

 

SCMS S&S, and Emergency Management Chapters:

3.0 Management System Operation

3.1 Overview

3.2.1.2 Protective Force

3.2.1.6 Personnel Security

3.2.1.7 Unclassified Visits and Assignments by Foreign Nationals

3.2.2 Emergency Management

Duties:

o       Implementing the Homeland Security Presidential Directive (HSPD-12)

o       Processing Temp & Contractors Badge Request

o       Processing Temp & Contractors Terminations

o       Handling Contractor Clearances

 

o       Requesting an Access Authorization

o       Maintaining Security Awareness

o       Authorizing Access to Sensitive Compartmented Information (SCI)

 

o       Requesting Classified Visits

o       Addressing and Identifying Foreign Ownership, Control, or Influence (FOCI)

o       Establishing Access Authorizations (AA) for Certain Key Management Personnel (KMP) and Exclusion Procedures

o       Processing T-5, Foreign Visit Assignment (FVA) Requests

o       Processing Unclassified Visits and Assignments by Foreign Nationals

o       Report Foreign Contacts

o       Entering Requests into the Foreign Access Central Tracking System (FACTS)

o       Verifying the Indices Check

o       Preparing a Specific Security Plan

o       Notifying the Host of a Foreign National Visitor’s Arrival

o       Approving a Visit or Assignment of a National from a State Sponsor of Terrorism in the Foreign Access Central Tracking System (FACTS)

o       Verifying Approval of an Unclassified Foreign Visit or Assignment

o       Processing Clearances, Sensitive Compartmented Information (SCI) and Badges Requests

o       Coordinating J-1 Visa Waivers

Nancy Day

Program Analyst

P.L. 79-585 The Atomic Energy Act of 1946 (informally known as the McMahon Act)

P.L. 83-703 (68 Stat. 919)  The Atomic Energy Act of 1954

10 CFR 1046  Physical Protection of Security Interests

10 CFR 710  Criteria and Procedures for Determining Eligibility for Access to Classified Matter or Special Nuclear Material

PCSP  Program Cyber Security Plan (PCSP)

DOE O 142.1  Classified Visits Involving Foreign Nationals

DOE O 142.2A  Voluntary Offer Safeguards Agreement And Additional Protocol With The International Atomic Energy Agency

DOE O 142.3  Unclassified Foreign Visits And Assignments Program

DOE N 150.1  Continuity of Operations

DOE O 151.1C  Comprehensive Emergency Management System

DOE N 153.2  Connectivity To National Atmospheric Release Advisory Center (NARAC)

DOE N 205.2  Foreign National Access to DOE Cyber Systems

DOE N 206.3  Personal Identity Verification

DOE M 452.4-1A  Protection of Use Control Vulnerabilities and Designs

DOE O 457.1  Nuclear Counterterrorism

DOE M 457.1-1  Control of Improvised Nuclear Device Information (Official Use Only)

DOE P 470.1  Integrated Safeguards and Security Management (ISSM) Policy

DOE N 470.3  Reciprocal Recognition of Existing Personnel Security Clearance

DOE O 470.3A  Design Basis Threat Policy (Classified)

DOE O 470.4  Safeguards and Security Program

DOE M 470.4-1, Change 1  Safeguards and Security Program Planning and Management

DOE M 470.4-2, Change 1  Physical Protection

DOE M 470.4-3, Change 1  Protective Force

DOE M 470.4-5  Personnel Security

DOE M 470.4-6, Change 1  Nuclear Material Control And Accountability

DOE M 470.4-7  Safeguards and Security Program References

DOE M 471.2-3A  Special Access Program Policies, Responsibilities, and Procedures (Official Use Only)

DOE O 475.1  Counterintelligence Program

DOE O 5530.2  Nuclear Emergency Search Team

DOE O 5530.3, Change 1  Radiological Assistance Program

DOE O 5530.4  Aerial Measuring System

DOE O 5530.5, Change 1  Federal Radiological Monitoring and Assessment Center

DOE O 5610.2, Change 1  Control Of Weapon Data

DOE O 5639.8A  Security Of Foreign Intelligence Information and Sensitive Compartmented Information Facilities

DOE O 5660.1B  Management of Nuclear Materials

DOE O 5670.1A  Management and Control of Foreign Intelligence

DOE G 200.1-1  Software Engineering Methodology TOC

NIST SP 800-50*  Building an Information Technology Security Awareness and Training Program

SCMS S&S, and Emergency Management Chapters:

1.0 Purpose

2.0 Responsibilities

3.0 Management System Operation

3.1 Overview

4.0 Requirements

4.1 Primary Responsibility

4.2 Parsed Responsibility

5.0 Subject Areas, Program Descriptions, and Legacy Documents

6.0 References

Duties:

o       Making Division Travel Arrangements Including Preparation of Itineraries, Authorizations, Vouchers, Reservations and any Required Notifications

o       Reviewing, Evaluating, Controlling and Tracking the Status of Action Items

o       Updating the Contents of Site Profiles

o       Ensuring Classified Working Papers Do Not Exceed the 180 Day Expiration Dates

o       Filing and Assisting with Staff Correspondence and Appointment Memos

o       Maintaining Room G222 Access Logs and Retaining Staff Travel and Training Records

o       Reviewing Plans of Action and Milestones Provided by the SC Sites to Identify Crosscutting Issues

o       Making Recommendations for Improvements and Raising Issues Identified to the Director of S&S to Assure Continuous Monitoring of Cyber Improvements on a Quarterly Basis for the Report Delivery to the Office of the Chief Information Officer

o       Reviewing, Evaluating, and Updating the Contents of the Office of the Chief Information Officer, the OMB, the IG and the Office of Health, Safety and Security (HSS) Data Calls to assure Responses are Accurate by the Established Due Date

o       Overseeing the Update of the SC Port Assignment Log by Staff

All S&S Responsible

10 CFR 830 Subpart A  Quality Assurance Requirements

DOE O 210.2  DOE Corporate Operating Experience Program

DOE O 226.1A  Implementation of Department of Energy Oversight Policy

DOE P 226.1A  Department of Energy Oversight Policy

DOE O 414.1C  Quality Assurance

DOE O 470.2B  Independent Oversight and Performance Assurance Program

DUTIES AS ASSIGNED

 

 

Safeguards and Security Oversight Activities

 

Energy Systems Acquisition Advisory Boards (ESSAABs)

 

Conduct Assessments

 

Conduct Surveys

 

Field Incidents and Assistance

 

Freedom of Information Act (FOIA) Reviews for Germantown

 

Attend Science & Technology (S&T) Sessions.

 

Homeland Security Council Policy Reviews

 

Government Accounting Office/Inspector General (GAO/IG) Drafts and Audits

 

Counter Intelligence (CI) Consultations

 

Review CI Reports

 

National Security Studies Program (NSSP) DOECAST & Panel.

 

Capitol Hill Requests for Documentation & Briefings