Add files using upload-large-folder tool

markdown/dod/cjcsn5760.md

@@ -0,0 +1,37 @@
+# Chairman Of The Joint Chiefs Of Staff Notice Directive Current As 31 January 2008 Dom/Sjs Cjcsn 5760 Distribution:  A, B, C, J 7 September 2006
+
+
+PRESERVATION OF HISTORICAL RECORDS OF OPERATIONS ENDURING
+FREEDOM AND NOBLE EAGLE AND PERTAINING TO IRAQ
+
+References:
+
+a.  Deputy Secretary of Defense memorandum, 1 May 2002,"Historical Record of Operations Enduring Freedom and Noble Eagle"
+
+b.  Deputy Secretary of Defense memorandum, 28 March 2003, "Historical Records Pertaining to Iraq"
+
+1.  Purpose.  To disseminate information on the requirement to retain records relating to Operations ENDURING FREEDOM and NOBLE EAGLE and pertaining to Iraq.
+
+2.  Cancellation.  CJCSN 5760, 5 June 2002, is canceled.
+
+
+3.  Applicability.  This notice is applicable to the Joint Staff, Services, combatant commands, Defense agencies, and joint activities.
+
+4.  Background.  Operations ENDURING FREEDOM and NOBLE EAGLE and current operations pertaining to Iraq are a prominent part of American and world history.  It is important that we preserve the historical records of these continuing operations and we obtain information and lessons that can be applied in planning, shaping, and implementing our national defense in the future. 5.  Action or Procedure a.  The Deputy Secretary of Defense has requested (references) that appropriate action be taken to identify and preserve all documentary materials pertaining to the entire ENDURING FREEDOM and NOBLE EAGLE operations and Iraq (e.g., supporting and implementing documents, case management files, procurement records, transportation records, and financial accounting records).
+
+
+b.  All elements of the Department of Defense should identify, collect, organize, and preserve documents, to include records pertaining to intelligence and documents in special control channels (e.g, Focal Point), both paper and electronic, pertinent to their activities in connection with these operations. These programs are of vital importance for recording the history of ENDURING FREEDOM, NOBLE EAGLE, and Iraq and facilitating the preparation of studies and analyses of policies, plans, operations, technology, logistics, and personnel.  The benefits to be derived from this documentation of our experience may be invaluable. c.  Records management and disposition guidance for the Joint Staff is contained in CJCSI 5760.01 and CJCSM 5760.01, Volumes I and II are located on the CJCS Directives Internet Home Page cited below.
+
+6.  Releasability.  This notice is approved for public release; distribution is unlimited.  DOD components (to include the combatant commands), other federal agencies, and the public may obtain copies of this notice through the Internet from the CJCS Directives Home Page-- http://www.dtic.mil/cjcs_directives.
+
+7.  Effective Date.  This notice is effective upon receipt and will remain in effect until formally canceled.
+
+
+
+MARLON K. BECK
+
+
+Colonel, USA
+
+
+Secretary, Joint Staff

markdown/dod/d5200_27.md

@@ -0,0 +1,127 @@
+## Directive
+
+January 7, 1980
+USD(P)
+
+## Subject:  Acquisition Of Information Concerning Persons And Organizations Not Affiliated With The Department Of Defense
+
+References: (a)  DoD Directive 5200.27, subject as above, December 8, 1975 (hereby canceled)
+(b)  DoD Directive 5240.1, "Activities of DoD Intelligence Components that Affect
+U.S. Persons," November 30, 1979
+
+
+## 1.  Reissuance And Purpose
+
+This Directive reissues reference (a) to establish for the Defense Investigative Program general policy, limitations, procedures, and operational guidance pertaining to the collecting, processing, storing, and disseminating of information concerning persons and organizations not affiliated with the Department of Defense.
+
+## 2.  Applicability And Scope
+
+2.1.  Except as provided by paragraph 2.3., below, this Directive is applicable to the Office of the Secretary of Defense, Military Departments, Office of the Joint Chiefs of Staff, Unified and Specified Commands, and the Defense Agencies (hereafter referred to as "DoD Components").
+
+2.2.  The provisions of this Directive encompass the acquisition of information concerning the activities of:
+2.2.1.  Persons and organizations, not affiliated with the Department of Defense, within the 50 States, the District of Columbia, the Commonwealth of Puerto Rico, and U.S. territories and possessions; and
+2.2.2.  Non-DoD-affiliated U.S. citizens anywhere in the world.
+
+2.3.  This Directive is not applicable to DoD intelligence components as defined by DoD
+Directive 5240.1 (reference (b)).
+
+2.4.  Authority to act for the Secretary of Defense in matters in this Directive that require specific approval are delineated in enclosure 1.
+
+## 3.  Policy
+
+3.1.  DoD policy prohibits collecting, reporting, processing, or storing information on individuals or organizations not affiliated with the Department of Defense, except in those limited circumstances where such information is essential to the accomplishment of the DoD
+missions outlined below.
+
+3.2.  Information-gathering activities shall be subject to overall civilian control, a high level of general supervision and frequent inspections at the field level.
+
+3.3.  Where collection activities are authorized to meet an essential requirement for information, maximum reliance shall be placed upon domestic civilian investigative agencies, Federal, State, and local.
+
+3.4.  In applying the criteria for the acquisition and retention of information established pursuant to this Directive, due consideration shall be given to the need to protect DoD functions and property in the different circumstances existing in geographic areas outside the United States.  Relevant factors include:
+
+3.4.1.  The level of disruptive activity against U.S. Forces; 3.4.2.  The competence of host-country investigative agencies; 3.4.3.  The degree to which U.S. Military and host-country agencies exchange
+investigative information;
+3.4.4.  The absence of other U.S. investigative capabilities; and 3.4.5.  The unique and vulnerable position of U.S. Forces abroad.
+
+
+## 4.  Authorized Activities
+
+The DoD Components are authorized to gather information essential to the accomplishment of the following defense missions:
+4.1.  Protection of DoD Functions and Property.  Information may be acquired about activities threatening defense military and civilian personnel and defense activities and installations, including vessels, aircraft, communications equipment, and supplies.  Only the following types of activities justify acquisition of information under the authority of this paragraph:
+4.1.1.  Subversion of loyalty, discipline, or morale of DoD military or civilian personnel by actively encouraging violation of law, disobedience of lawful order or regulation, or disruption of military activities.
+
+4.1.2.  Theft of arms, ammunition, or equipment, or destruction or sabotage of facilities, equipment, or records belonging to DoD units or installations.
+
+4.1.3.  Acts jeopardizing the security of DoD elements or operations or compromising classified defense information by unauthorized disclosure or by espionage.
+
+4.1.4.  Unauthorized demonstrations on Active or Reserve DoD installations.
+
+4.1.5.  Direct threats to DoD military or civilian personnel in connection with their official duties or to other persons who have been authorized protection by DoD resources.
+
+4.1.6.  Activities endangering facilities that have classified defense contracts or that have been officially designated as key defense facilities.
+
+4.1.7.  Crimes for which the Department of Defense has responsibility for investigating or prosecuting.
+
+4.2.  Personnel Security.  Investigations may be conducted in relation to the following categories of persons:
+4.2.1.  Members of the Armed Forces, including retired personnel, members of the Reserve components, and applicants for commission or enlistment.
+
+4.2.2.  DoD civilian personnel and applicants for such status.
+
+4.2.3.  Persons having need for access to official information requiring protection in the interest of national defense under the DoD Industrial Security Program or being considered for participation in other authorized DoD programs.
+
+4.3.  Operations Related to Civil Disturbance.  The Attorney General is the chief civilian officer in charge of coordinating all Federal Government activities relating to civil disturbances. Upon specific prior authorization of the Secretary of Defense or his designee, information may be acquired that is essential to meet operational requirements flowing from the mission assigned to the Department of Defense to assist civil authorities in dealing with civil disturbances.  Such authorization will only be granted when there is a distinct threat of a civil disturbance exceeding the law enforcement capabilities of State and local authorities.
+
+## 5.  Prohibited Activities
+
+5.1.  The acquisition of information on individuals or organizations not affiliated with the DoD will be restricted to that which is essential to the accomplishment of assigned DoD missions under this Directive.
+
+5.2.  No information shall be acquired about a person or organization solely because of lawful advocacy of measures in opposition to Government policy.
+
+5.3.  There shall be no physical or electronic surveillance of Federal, State, or local officials or of candidates for such offices.
+
+5.4.  There shall be no electronic surveillance of any individual or organization, except as authorized by law.
+
+5.5.  There shall be no covert or otherwise deceptive surveillance or penetration of civilian organizations unless specifically authorized by the Secretary of Defense, or his designee.
+
+5.6.  No DoD personnel will be assigned to attend public or private meetings, demonstrations, or other similar activities for the purpose of acquiring information, the collection of which is authorized by this Directive without specific prior approval by the Secretary of Defense, or his designee.  An exception to this policy may be made by the local commander concerned, or higher authority, when, in his judgment, the threat is direct and immediate and time precludes obtaining prior approval.  In each such case a report will be made immediately to the Secretary of Defense, or his designee.
+
+5.7.  No computerized data banks shall be maintained relating to individuals or organizations not affiliated with the Department of Defense, unless authorized by the Secretary of Defense, or his designee.
+
+## 6.  Operational Guidance
+
+6.1.  Nothing in this Directive shall be construed to prohibit the prompt reporting to law enforcement agencies of any information indicating the existence of a threat to life or property, or the violation of law, nor to prohibit keeping a record of such a report.
+
+6.2.  Nothing in this Directive shall be construed to restrict the direct acquisition by overt means of the following information:
+6.2.1.  Listings of Federal, State, and local officials who have official responsibilities related to the control of civil disturbances.  Such listings may be maintained currently.
+
+6.2.2.  Physical data on vital public or private installations, facilities, highways, and utilities, as appropriate, to carry out a mission assigned by this Directive.
+
+6.3.  Access to information obtained under the provisions of this Directive shall be restricted to Governmental Agencies that require such information in the execution of their duties.
+
+6.4.  Information within the purview of this Directive, regardless of when acquired, shall be destroyed within 90 days unless its retention is required by law or unless its retention is specifically authorized under criteria established by the Secretary of Defense, or his designee.
+
+6.5.  This Directive does not abrogate any provision of the Agreement Governing the Conduct of Defense Department Counterintelligence Activities in Conjunction with the Federal Bureau of Investigation, April 5, 1979, nor preclude the collection of information required by Federal statute or Executive order.
+
+## 7.  Effective Date And Implementation
+
+This Directive is effective immediately.  Forward two copies of implementing regulations to the Deputy Under Secretary of Defense (Policy Review) within 120 days.
+
+
+
+## Enclosures - 1 E1.  Delegation Of Authority E1.  Enclosure 1
+
+DELEGATION OF AUTHORITY
+
+
+E1.1.1.  The Secretary of the Army is designated to authorize those activities delineated in paragraph 4.3., basic Directive.  This authority may not be further delegated to other than the Under Secretary of the Army.
+
+E1.1.2.  The Deputy Under Secretary of Defense (Policy Review) (DUSD(PR)) is designated to authorize those activities delineated in paragraph 5.5., basic Directive, within the
+50 States, the District of Columbia, the Commonwealth of Puerto Rico, and U.S. territories and possessions.  This authority may not be delegated.  The investigating DoD Component, prior to requesting approval for authorizations under this provision, shall coordinate prospective activities with the Federal Bureau of Investigation.
+
+E1.1.3.  The DUSD(PR) and the Secretaries of the Military Departments are designated to authorize those activities (delineated in paragraph 5.5., basic Directive) abroad1 when membership of the civilian organization is reasonably expected to include a significant number of non-DoD-affiliated U.S. citizens.  This authority may not be further delegated to other than the Under Secretaries of the Military Departments.  When the Military Department Secretary or Under Secretary exercises this delegation of authority, the DUSD(PR) shall be advised promptly.
+
+E1.1.4.  The Secretaries of the Military Departments are designated to authorize in their Departments those activities delineated in paragraph 5.6., basic Directive, within the 50 States, the District of Columbia, the Common wealth of Puerto Rico, and U.S. territories and possessions.  This authority may not be further delegated to other than the Under Secretaries of the Military Departments.
+
+E1.1.5.  The Secretaries of the Military Departments are designated to authorize in their Departments those activities (delineated in paragraph 5.6., basic Directive) abroad1 when a significant number of non-DoD-affiliated U.S. citizens are expected to be present.  This authority may be further delegated, in writing, as circumstances warrant, to an authorized designee.  The DUSD(PR) will be notified immediately of such further delegations of authority.  When the Secretary or Under Secretary of a Military Department or his designee exercises this delegated authority, the DUSD(PR) shall be advised promptly.
+
+E1.1.6.  The DUSD(PR) is designated to authorize those activities delineated in paragraphs
+5.7. and 6.4., basic Directive.  These authorities may not be further delegated.

markdown/dod/d5240_1_r.md

@@ -0,0 +1,277 @@
+# Department Of Defense Procedures Governing The Activities Of Dod Intelligence Components That Affect United States Persons
+
+DECEMBER 1982
+Incorporating Change 2, Effective April 26, 2017
+(see DoD Directive 5148.13)
+UNDER SECRETARY OF DEFENSE FOR POLICY
+
+## Foreword
+
+This DoD regulation sets forth procedures governing the activities of DoD
+intelligence components that affect United States persons. It implements DoD
+Directive 5240.1, and rep1aces the November 30, 1979 version of DoD Regulation
+5240.1-R. It is app1icab1e to a11 DoD inte11igence components.
+
+Executive Order 12333, "United States Inte11igence Activities," stipu1ates that certain activities of intelligence components that affect U.S: persoIis-'De governed by procedures issued by the agency head and approved by the Attorney
+
+                                                                                                                                                                    ,
+                                                                 es 1 through 10, as well as Appendix A, herein
+Genera1.
+                    Specifical1y, procedu
+require approval by the Attorney General.
+                                                                                          Procedures 11 through 15, while not
+requiring approval by the Attorney Genera1. contain further guidance to DoD
+Components in imp1ementing Executive Order 12333 as we11 as Executive Order
+
+                                                               ."
+12334, "President's Intelligence Oversight Board
+
+    Accordingly, by this memorandum, these procedures are approved for use
+within the Department of Defense.
+                                     Heads of DoD components shall issue such
+implementing instructions as may be necessary for the conduct of authorized
+functions in a manner consistent with the procedures set forth herein.
+
+This regulation is effective immediately.
+
+## Table Of Contents
+
+Page
+
+The definitions and Procedures 1-10 were removed 8/8/2016 as a result of the publication of DoD Manual 5240.01.
+
+| FOREWORD                                                            |   2 |
+|---------------------------------------------------------------------|-----|
+|                                                                     |     |
+| TABLE OF CONTENTS                                                   |   3 |
+|                                                                     |     |
+| REFERENCES                                                          |   6 |
+|                                                                     |     |
+| DEFINITIONS                                                         |   7 |
+|                                                                     |     |
+| CHAPTER 1 - PROCEDURE 1.  GENERAL PROVISIONS                        |  13 |
+|                                                                     |     |
+| C1.1.  APPLICABILITY AND SCOPE                                      |  13 |
+| C1.2.  SCOPE                                                        |  13 |
+| C1.3.  INTERPRETATION                                               |  14 |
+| C1.4.  EXCEPTIONS TO POLICY                                         |  14 |
+| C1.5.  AMENDMENT                                                    |  14 |
+|                                                                     |     |
+| CHAPTER 2 - PROCEDURE 2.  COLLECTION OF INFORMATION ABOUT           |     |
+| UNITED STATES PERSONS                                               |     |
+| 15                                                                  |     |
+|                                                                     |     |
+| C2.1.  APPLICABILITY AND SCOPE                                      |  15 |
+| C2.2.  EXPLANATION OF UNDEFINED TERMS                               |  15 |
+| C2.3.  TYPES OF INFORMATION THAT MAY BE COLLECTED ABOUT             |     |
+| UNITED STATES PERSONS                                               |     |
+| 16                                                                  |     |
+| C2.4.  GENERAL CRITERIA GOVERNING THE MEANS USED TO COLLECT         |     |
+| INFORMATION ABOUT UNITED STATES PERSONS                             |     |
+| 18                                                                  |     |
+| C2.5.  SPECIAL LIMITATION ON THE COLLECTION OF FOREIGN INTELLIGENCE |     |
+| WITHIN THE UNITED STATES                                            |     |
+| 18                                                                  |     |
+|                                                                     |     |
+| CHAPTER 3 - PROCEDURE 3.  RETENTION OF INFORMATION ABOUT            |     |
+| UNITED STATES PERSONS                                               |     |
+| 20                                                                  |     |
+|                                                                     |     |
+| C3.1.  APPLICABILITY                                                |  20 |
+| C3.2.  EXPLANATION OF UNDEFINED TERMS                               |  20 |
+| C3.3.  CRITERIA FOR RETENTION                                       |  20 |
+| C3.4.  ACCESS AND RETENTION                                         |  21 |
+|                                                                     |     |
+| CHAPTER 4 - PROCEDURE 4.  DISSEMINATION OF INFORMATION ABOUT        |     |
+| UNITED STATES PERSONS                                               |     |
+| 22                                                                  |     |
+|                                                                     |     |
+| C4.1.  APPLICABILITY AND SCOPE                                      |  22 |
+| C4.2.  CRITERIA FOR DISSEMINATION                                   |  22 |
+| C4.3.  OTHER DISSEMINATION                                          |  23 |
+|                                                                     |     |
+
+## Table Of Contents, Continued
+
+Page
+CHAPTER 10 - PROCEDURE 10.  UNDISCLOSED PARTICIPATION IN ORGANIZATIONS
+49 C10.1.  APPLICABILITY
+49
+    C10.2.  EXPLANATION OF UNDEFINED TERMS
+49
+    C10.3.  PROCEDURES FOR UNDISCLOSED PARTICIPATION
+50
+    C10.4.  DISCLOSURE REQUIREMENT
+53 CHAPTER 11 - PROCEDURE 11.  CONTRACTING FOR GOODS AND SERVICES
+54 C11.1.  APPLICABILITY
+54
+    C11.2.  PROCEDURES
+54
+    C11.3.  EFFECT OF NONCOMPLIANCE
+55 CHAPTER 12 - PROCEDURE 12.  PROVISION OF ASSISTANCE TO LAW ENFORCEMENT AUTHORITIES
+56 C12.1.  APPLICABILITY
+56
+    C12.2.  PROCEDURES
+56 CHAPTER 13 - PROCEDURE 13.  EXPERIMENTATION ON HUMAN SUBJECTS FOR INTELLIGENCE PURPOSES
+58 C13.1.  APPLICABILITY
+58
+    C13.2.  EXPLANATION OF UNDEFINED TERMS
+58
+    C13.3.  PROCEDURES
+58 CHAPTER 14 - PROCEDURE 14.  EMPLOYEE CONDUCT
+60 C14.1.  APPLICABILITY
+60
+    C14.2.  PROCEDURES
+60
+
+CHAPTER 15 - PROCEDURE 15.  IDENTIFYING, INVESTIGATING, AND REPORTING QUESTIONABLE ACTIVITIES
+62 C15.1.  APPLICABILITY
+62
+    C15.2.  EXPLANATION OF UNDEFINED TERMS
+62
+    C15.3.  PROCEDURES
+62
+
+## References
+
+(a)  Executive Order 12333, "United States Intelligence Activities," December 4, 1981 (b)  Public Law 95-511, "Foreign Intelligence Surveillance Act of 1978" (c)  DoD Directive 5200.29, "DoD Technical Surveillance Countermeasures (TSCM)
+Survey Program," February 12, 1975
+(d)  Chapters 105 and 119 of title 18, United States Code (e)  Public Law 73-416, "Communications Act of 1934," Section 605 (f)  Sections 801-840 of title 10, United States Code, "Uniform Code of Military
+Justice"
+(g)  Agreement Between the Deputy Secretary of Defense and Attorney General, April 5,
+1979
+(h)  Executive Order 12198, "Prescribing Amendments to the Manual for
+Courts-Martial, United States, 1969," March 12, 1980
+(i)  DoD Directive 5525.5, "DoD Cooperation with Civilian Law Enforcement Officials,"
+March 22, 1982
+(j)  DoD Directive 5000.11, "Data Elements and Data Codes Standardization Program,"
+December 7, 1964
+(k)  DoD Directive 5000.19, "Policies for the Management and Control of Information
+Requirements," March 12, 1976
+
+## C11.  Chapter 11 Procedure 11.   Contracting For Goods And Services C11.1.  Applicability
+
+This procedure applies to contracting or other arrangements with United States persons for the procurement of goods and services by DoD intelligence components within the United States.   This procedure does not apply to contracting with government entities, or to the enrollment of individual students in academic institutions.   The latter situation is governed by Procedure 10.
+
+## C11.2.  Procedures
+
+C11.2.1.  Contracts with Academic Institutions.   DoD intelligence components may enter into a contract for goods or services with an academic institution only if prior to the making of the contract, the intelligence component has disclosed to appropriate officials of the academic institution the fact of sponsorship by a DoD intelligence component.
+
+C11.2.2.  Contracts with Commercial Organizations, Private Institutions, and Individuals.   Contracting by or for a DoD intelligence component with commercial organizations, private institutions, or private individuals within the United States may be done without revealing the sponsorship of the intelligence component if:
+C11.2.2.1.  The contract is for published material available to the general public or for routine goods or services necessary for the support of approved activities, such as credit cards, car rentals, travel, lodging, meals, rental of office space or apartments, and other items incident to approved activities; or C11.2.2.2.  There is a written determination by the Secretary or the Under Secretary of a Military Department, the Director of the National Security Agency, the Director of the Defense Intelligence Agency, or the Deputy Under Secretary of Defense (Policy) that the sponsorship of a DoD intelligence component must be concealed to protect the activities of the DoD intelligence component concerned.
+
+## C11.3.  Effect Of Noncompliance
+
+No contract shall be void or voidable for failure to comply with this procedure.
+
+## C12.  Chapter 12 Procedure 12.   Provision Of Assistance To Law Enforcement Authorities C12.1.  Applicability
+
+This procedure applies to the provision of assistance by DoD intelligence components to law enforcement authorities.   It incorporates the specific limitations on such assistance contained in E.O. 12333 (reference (a)), together with the general limitations and approval requirements of DoD Directive 5525.5 (reference (i)).
+
+## C12.2.  Procedures
+
+C12.2.1.  Cooperation with Law Enforcement Authorities.   Consistent with the limitations contained in DoD Directive 5525.5 (reference (i)), and paragraph C12.2.2., below, DoD intelligence components are authorized to cooperate with law enforcement authorities for the purpose of:
+C12.2.1.1.  Investigating or preventing clandestine intelligence activities by foreign powers, international narcotics activities, or international terrorist activities;
+C12.2.1.2.  Protecting DoD employees, information, property, and facilities;
+and C12.2.1.3.  Preventing, detecting, or investigating other violations of law.
+
+C12.2.2.  Types of Permissible Assistance.   DoD intelligence components may provide the following types of assistance to law enforcement authorities:
+C12.2.2.1.  Incidentally acquired information reasonably believed to indicate a violation of Federal law shall be provided in accordance with the procedures adopted pursuant to section 1.7(a) of E.O. 12333 (reference (a));
+C12.2.2.2.  Incidentially acquired information reasonably believed to indicate a violation of State, local, or foreign law may be provided in accordance with procedures adopted by the Heads of DoD Components;
+C12.2.2.3.  Specialized equipment and facilities may be provided to Federal law enforcement authorities, and, when lives are endangered, to State and local law enforcement authorities, provided such assistance is consistent with, and has been approved by an official authorized pursuant to, Enclosure 3 of DoD Directive 5525.5 (reference (i)); and C12.2.2.4.  Personnel who are employees of DoD intelligence components may be assigned to assist Federal law enforcement authorities, and, when lives are endangered, State and local law enforcement authorities, provided such use is consistent with, and has been approved by an official authorized pursuant to, Enclosure 4 of DoD Directive 5525.5 (reference (i)).   Such official shall ensure that the General Counsel of the providing DoD Component concurs in such use.
+
+C12.2.2.5.  Assistance may be rendered to law enforcement agencies and security services of foreign governments or international organizations in accordance with established policy and applicable Status of Forces Agreements; provided, that DoD intelligence components may not request or participate in activities of such agencies undertaken against United States persons that would not be permitted such components under these procedures.
+
+## C13.  Chapter 13 Procedure 13.   Experimentation On Human Subjects For Intelligence Purposes C13.1.  Applicability
+
+This procedure applies to experimentation on human subjects if such experimentation is conducted by or on behalf of a DoD intelligence component.   This procedure does not apply to experimentation on animal subjects.
+
+## C13.2.  Explanation Of Undefined Terms
+
+C13.2.1.  Experimentation in this context means any research or testing activity involving human subjects that may expose such subjects to the possibility of permanent or temporary injury (including physical or psychological damage and damage to the reputation of such persons) beyond the risks of injury to which such subjects are ordinarily exposed in their daily lives.
+
+C13.2.2.  Experimentation is conducted on behalf of a DoD intelligence component if it is conducted under contract to that component or to another DoD Component for the benefit of the intelligence component or at the request of such a component regardless of the existence of a contractual relationship.
+
+C13.2.3.  Human subjects in this context includes any person whether or not such person is a United States person.
+
+## C13.3.  Procedures
+
+C13.3.1.  Experimentation on human subjects conducted by or on behalf of a DoD
+intelligence component may be undertaken only with the informed consent of the subject, in accordance with guidelines issued by the Department of Health and Human Services, setting out conditions that safeguard the welfare of such subjects.
+
+C13.3.2.  DoD intelligence components may not engage in or contract for experimentation on human subjects without approval of the Secretary or Deputy Secretary of Defense, or the Secretary or Under Secretary of a Military Department, as appropriate.
+
+## C14.  Chapter 14 Procedure 14.   Employee Conduct C14.1.  Applicability
+
+This procedure sets forth the responsibilities of employees of DoD intelligence components to conduct themselves in accordance with this Regulation and other applicable policy.   It also provides that DoD intelligence components shall ensure, as appropriate, that these policies and guidelines are made known to their employees.
+
+## C14.2.  Procedures
+
+C14.2.1.  Employee Responsibilities.   Employees shall conduct intelligence activities only pursuant to, and in accordance with, Executive Order 12333 (reference (a)) and this Regulation.   In conducting such activities, employees shall not exceed the authorities granted the employing DoD intelligence component by law; Executive order, including E.O. 12333 (reference (a)), and applicable DoD Directives.
+
+## C14.2.2.  Familiarity With Restrictions
+
+C14.2.2.1.  Each DoD intelligence component shall familiarize its personnel with the provisions of E.O. 12333 (reference (a)), this Regulation, and any instructions implementing this Regulation that apply to the operations and activities of such component.   At a minimum, such familiarization shall contain:
+C14.2.2.1.1.  Applicable portions of Procedures 1 through 4;
+C14.2.2.1.2.  A summary of other procedures that pertains to collection techniques that are, or may be, employed by the DoD intelligence component concerned; and C14.2.2.1.3.  A statement of individual employee reporting responsibility under Procedure 15.
+
+C14.2.2.2.  The Assistant to the Secretary of Defense (Intelligence Oversight)
+(ATSD(IQ)) and each Inspector General responsible for a DoD intelligence component shall ensure, as part of their inspections, that procedures are in effect that will achieve the objectives set forth in subparagraph C14.2.2.1., above.
+
+C14.2.3.  Responsibilities of the Heads of DoD Components.   The Heads of DoD
+Components that constitute, or contain, DoD intelligence components shall:
+C14.2.3.1.  Ensure that all proposals for intelligence activities that may be unlawful, in whole or in part, or may be contrary to applicable Executive Branch or DoD policy are referred to the General Counsel responsible for such component.
+
+C14.2.3.2.  Ensure that no adverse action is taken against any employee because the employee reports activities pursuant to Procedure 15.
+
+C14.2.3.3.  Impose such sanctions as may be appropriate upon any employee who violates the provisions of this Regulation or any instruction promulgated thereunder.
+
+C14.2.3.4.  In any case involving serious or continuing breaches of security by either DoD or non-DoD employees, recommend to the Secretary of Defense appropriate investigative actions.
+
+C14.2.3.5.  Ensure that the General Counsel and Inspector General with responsibility for the component, as well as the General Counsel, DoD, and the ATSD(IO), have access to all information concerning the intelligence activities of that component necessary to perform their oversight responsibilities.
+
+C14.2.3.6.  Ensure that employees cooperate fully with the Intelligence Oversight Board and its representatives.
+
+## C15.  Chapter 15 Procedure 15.   Identifying, Investigating, And Reporting Qustionable Activities C15.1.  Applicability
+
+This procedure provides for the identification, investigation, and reporting of questionable intelligence activities.
+
+## C15.2.  Explanation Of Undefined Terms
+
+C15.2.1.  The term "questionable activity," as used herein, refers to any conduct that constitutes, or is related to, an intelligence activity that may violate the law, any Executive order or Presidential directive, including E.O. 12333 (reference (a)), or applicable DoD policy, including this Regulation.
+
+C15.2.2.  The terms "General Counsel" and "Inspector General," as used herein, refer, unless otherwise specified, to any General Counsel or Inspector General with responsibility for one or more DoD intelligence components.   Unless otherwise indicated, the term "Inspector General" shall also include the ATSD(IO).
+
+## C15.3.  Procedures C15.3.1.  Identification
+
+C15.3.1.1.  Each employee shall report any questionable activity to the General Counsel or Inspector General for the DoD intelligence component concerned, or to the General Counsel, DoD, or ATSD(IO).
+
+C15.3.1.2.  Inspectors General, as part of their inspection of DoD intelligence components, and General Counsels, as part of their oversight responsibilities shall seek to determine if such components are involved in any questionable activities.   If such activities have been or are being undertaken, the matter shall be investigated under paragraph C15.3.2., below.   If such activities have been undertaken, but were not reported, the Inspector General shall also ascertain the reason for such failure and recommend appropriate corrective action.
+
+C15.3.1.3.  Inspectors General, as part of their oversight responsibilities, shall, as appropriate, ascertain whether any organizations, staffs, or offices within their respective jurisdictions, but not otherwise specifically identified as DoD intelligence components, are being used for foreign intelligence or counterintelligence purposes to which Part 2 of E.O. 12333 (reference (a)), applies, and, if so, shall ensure the activities of such components are in compliance with this Regulation and applicable DoD policy.
+
+C15.3.1.4.  Inspectors General, as part of their inspection of DoD intelligence components, shall ensure that procedures exist within such components for the reporting of questionable activities, and that employees of such components are aware of their responsibilities to report such activities.
+
+## C15.3.2.  Investigation
+
+C15.3.2.1.  Each report of a questionable activity shall be investigated to the extent necessary to determine the facts and assess whether the activity is legal and is consistent with applicable policy.
+
+C15.3.2.2.  When appropriate, questionable activities reported to a General Counsel shall be referred to the corresponding Inspector General for investigation, and if reported to an Inspector General, shall be referred to the corresponding General Counsel to determine whether the activity is legal and consistent with applicable policy.   Reports made to the DoD General Counsel or the ATSD(IO) may be referred, after consultation between these officials, to the appropriate Inspector General and General Counsel for investigation and evaluation.
+
+C15.3.2.3.  Investigations shall be conducted expeditiously.   The officials responsible for these investigations may, in accordance with established procedures, obtain assistance from within the component concerned, or from other DoD Components, when necessary, to complete such investigations in a timely manner.
+
+C15.3.2.4.  To complete such investigations, General Counsels and Inspectors General shall have access to all relevant information regardless of classification or compartmentation.
+
+## C15.3.3.  Reports
+
+C15.3.3.1.  Each General Counsel and Inspector General shall report immediately to the General Counsel, DoD, and the ATSD(IO) questionable activities of a serious nature.
+
+C15.3.3.2.  Each General Counsel and Inspector General shall submit to the ATSD(IO) a quarterly report describing those activities that come to their attention during the quarter reasonably believed to be illegal or contrary to Executive order or Presidential directive, or applicable DoD policy; and actions taken with respect to such activities.   The reports shall also include significant oversight activities undertaken during the quarter and any suggestions for improvements in the oversight system. Separate, joint, or consolidated reports may be submitted.   These reports should be prepared in accordance with DoD Directive 5000.11 (reference (j)).
+
+C15.3.3.3.  All reports made pursuant to subparagraphs C15.3.3.1., and C15.3.3.2., above, which involve a possible violation of Federal criminal law shall be considered by the General Counsel concerned in accordance with the procedures adopted pursuant to section 1.7(a) of E.O. 12333 (reference (a)).
+
+C15.3.3.4.  The General Counsel, DoD, and the ATSD(IO) may review the findings of other General Counsels and Inspectors General with respect to questionable activities.
+
+C15.3.3.5.  The ATSD(IO) and the General Counsel, DoD, shall report in a timely manner to the White House Intelligence Oversight Board all activities that come to their attention that are reasonably believed to be illegal or contrary to Executive order or Presidential directive.   They will also advise appropriate officials of the Office of the Secretary of Defense of such activities.
+
+C15.3.3.6.  These reporting requirements are exempt from format approval and licensing in accordance with paragraph VII.G. of Enclosure 3 to DoD Directive 5000.19 (reference (k)).

markdown/dod/d8260_05.md

@@ -0,0 +1,132 @@
+## Directive Subject: Support For Strategic Analysis (Ssa) References: (A) Dod Directive 5100.01, "Functions Of The Department Of Defense And Its Major Components," December 21, 2010
+
+
+(b) DoD Directive 5105.21, "Defense Intelligence Agency (DIA),"
+
+
+March 18, 2008
+
+(c) DoD Directive 5111.1, "Under Secretary of Defense for Policy (USD(P)),"
+December 8, 1999
+
+(d) DoD Directive 5141.01, "Director, Program Analysis and Evaluation
+(PA&E)," March 16, 2006
+
+(e) DoD Instruction 8260.01, "Support for Strategic Analysis," January 11, 2007
+(hereby cancelled)
+
+(f) DoD 8910.1-M, "Department of Defense Procedures for Management of
+Information Requirements," June 30, 1998
+
+1.  PURPOSE.  This Directive:
+a.  Establishes policy and assigns responsibilities to provide SSA activities in accordance with References (a) through (d).
+
+
+
+b.  Supersedes and cancels Reference (e). 2.  APPLICABILITY.  This Directive applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the "DoD Components"). 3.  DEFINITIONS.  See Glossary.
+
+4.  POLICY.  It is DoD policy that:
+a.  SSA products shall:
+
+(1)  Support deliberations by DoD senior leadership on strategy and planning, programming, budgeting, and execution system (PPBES) matters, including force sizing, shaping, and capability development. (2)  Provide a starting point for studies that support:
+
+
+(a)  Development and implementation of defense strategy and policy. (b)  The DoD PPBES.
+
+
+b.  SSA products shall include:
+
+
+(1)  Current baselines that reflect selected Combatant Commander (CCDR) plans and approved force management decisions.  These baselines shall NOT be used to evaluate CCDR
+plans or force management decisions.
+
+(2)  Near- to long-term scenarios, concepts of operation (CONOPS), forces, and baselines based upon plausible challenges requiring DoD resources and capabilities.
+
+c.  SSA product development shall be a collaborative and iterative process co-led, on behalf of the Secretary of Defense, by the Offices of the Director, Cost Assessment and Program Evaluation (DCAPE); the Under Secretary of Defense for Policy (USD(P)); and the Chairman of the Joint Chiefs of Staff.
+
+(1)  Where appropriate, SSA product development shall be coordinated with other Federal departments and agencies and with U.S. allies and partner countries.
+
+
+(2)  Data shall be collected from the DoD Components to develop SSA products, and relevant data shall be shared as appropriate.
+
+(3)  Issues not resolved during SSA product development shall be referred to the Secretary of Defense.
+
+d.  Studies supporting the development and implementation of defense strategy, planning and programming, and resourcing activities shall be archived by the DoD. e.  Best business practices shall be instituted to ensure that SSA products are readily available to the DoD Components.
+
+5.  RESPONSIBILITIES.  See Enclosure.
+
+
+6.  INFORMATION REQUIREMENTS.  The data collection activities described in this Directive are exempt from licensing in accordance with subparagraphs C4.4.1., C4.4.2., and C4.4.3. of DoD 8910.1-M (Reference (f)).
+
+
+7.  RELEASABILITY.  UNLIMITED.  This Directive is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives.
+
+8.  EFFECTIVE DATE.  This Directive is effective upon its publication to the DoD Issuances Website. Enclosure Responsibilities Glossary
+
+
+## Enclosure Responsibilities
+
+ 1.  DCAPE.  The DCAPE, in addition to the responsibilities in section 4 of this enclosure, in collaboration with the USD(P) and the Chairman of the Joint Chiefs of Staff and in coordination with the Heads of the OSD and DoD Components, shall:
+a.  Co-chair and serve as the executive secretary of the governance group that oversees SSA
+activities. b.  Maintain the currency of DoD issuances that implement this Directive.
+
+
+c.  Identify and approve SSA baselines.  This approval authorizes the use of these baselines in the DoD PPBES. d.  Build and maintain a repository to facilitate the management and distribution of SSA
+products and associated data, as well as DoD Component studies and analyses supporting the development and implementation of defense strategy, planning and programming, and resourcing activities.
+
+2.  USD(P).  The USD(P), in addition to the responsibilities in section 4 of this enclosure, in collaboration with the DCAPE and the Chairman of the Joint Chiefs of Staff, and in coordination with the Heads of the OSD and DoD Components, shall:
+
+a.  Co-chair the governance group that oversees SSA activities. b.  Manage the development of, establish priorities among, and approve SSA scenarios.
+
+3.  DIRECTOR, DEFENSE INTELLIGENCE AGENCY (DIA).  The Director, DIA, under the authority, direction, and control of the Under Secretary of Defense for Intelligence, in addition to the responsibilities in section 4 of this enclosure and in coordination with the Heads of the OSD
+and DoD Components, shall provide timely, integrated, and validated intelligence estimates (including all-source data and CONOPS for non-U.S. state and non-state actors) for near- to long-term SSA products.  In this context, validation signifies approval of scenario assumptions that are plausible, rather than constituting a DIA assessment of likely future events. 4.  HEADS OF THE OSD AND DoD COMPONENTS.  The Heads of the OSD and DoD
+Components shall:
+a.  Provide Component-specific data necessary to develop SSA products, as requested by the DCAPE, the USD(P), or the Chairman of the Joint Chiefs of Staff.
+
+
+
+b.  Participate in the development of SSA products, ensuring OSD and DoD Componentspecific and joint capabilities and requirements are correctly represented.
+
+c.  Continue to fund the development and maintenance of data and tools needed to produce SSA products.
+
+d.  Use SSA products as starting points for OSD and DoD Component-level studies to support the development and implementation of defense strategy, to examine appropriate statutory requirements and responsibilities, and to support PPBES activities.
+
+
+5.  CHAIRMAN OF THE JOINT CHIEFS OF STAFF.  The Chairman of the Joint Chiefs of Staff, in addition to the responsibilities in section 4 of this enclosure, in collaboration with the DCAPE and the USD(P), and in coordination with the Heads of the OSD and DoD Components, shall:
+
+a.  Co-chair the governance group that oversees SSA activities.
+
+b.  Manage the development of and approve SSA CONOPS and forces. c.  Develop current baselines, in coordination with the CCDRs.  The Joint Staff shall ensure current baseline data is an accurate representation of selected CCDR plans and approved force management decisions. d.  Collect and make available to the DoD Components data on current operations to develop SSA products that inform studies on the global demands on U.S. forces and capabilities.
+
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+ CCDR
+Combatant Commander CONOPS concepts of operation
+
+DCAPE
+Director, Cost Assessment and Program Evaluation DIA
+Defense Intelligence Agency
+
+
+PPBES
+planning, programming, budgeting, and execution system
+
+
+SSA
+support for strategic analysis
+
+
+USD(P)
+Under Secretary of Defense for Policy
+
+## Part Ii.  Definitions
+
+ These terms and their definitions are for the purpose of this Directive.
+
+baseline.  An integrated set of data used by the DoD Components as an agreed upon starting point for studies supporting the development and implementation of defense strategy and DoD
+PPBES activities.  Baselines are produced and reviewed in an open, collaborative, and transparent environment.
+
+scenario.  An account or synopsis of a projected course of action or events, with a focus on the strategic level of warfare.  Scenarios include information such as threat and friendly politicomilitary contexts and backgrounds, assumptions, constraints, limitations, strategic objectives, and other planning considerations. A scenario is intended to represent a plausible challenge and may not reflect the most likely events.
+
+strategic analysis.  Analysis conducted to inform senior leader deliberations and other studies on strategy, policy, and PPBES matters.

markdown/dod/dtm-19-008.md

@@ -0,0 +1,245 @@
+1000 DEFENSE PENTAGON
+
+WASHINGTON, D.C. 20301-1000
+July 31, 2019
+Incorporating Change 3, Effective August 26, 2021 MEMORANDUM FOR CHIEF MANAGEMENT OFFICER OF THE DEPARTMENT OF
+DEFENSE
+SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF STAFF UNDER SECRETARIES OF DEFENSE CHIEF OF THE NATIONAL GUARD BUREAU GENERAL COUNSEL OF THE DEPARTMENT OF DEFENSE DIRECTOR, COST ASSESSMENT AND PROGRAM
+EVALUATION
+INSPECTOR GENERAL OF THE DEPARTMENT OF DEFENSE DIRECTOR, OPERATIONAL TEST AND EVALUATION CHIEF INFORMATION OFFICER OF THE DEPARTMENT OF
+DEFENSE
+ASSISTANT SECRETARY OF DEFENSE FOR LEGISLATIVE
+AFFAIRS
+ASSISTANT TO THE SECRETARY OF DEFENSE FOR PUBLIC
+AFFAIRS
+DIRECTOR, NET ASSESSMENT
+DIRECTORS OF THE DEFENSE AGENCIES
+DIRECTORS OF THE DOD FIELD ACTIVITIES SUBJECT:
+Directive-type Memorandum (DTM) 19-008, "Expedited Screening Protocol (ESP)"
+References: See Attachment 1.
+
+
+Purpose.  This DTM:
+
+- Implements policy, assigns responsibilities, and prescribes procedures by
+which the Department of Defense implements the Expedited Screening Protocol (ESP)uniform and consistent standards for a centralized process for the screening and vetting of individuals requiring access to DoD systems, facilities, personnel, information, or operations for allegiance, foreign preference, or foreign influence concerns.
+- Implements the policies prescribed in DoD Instruction (DoDI) 1304.26 and in
+Section 5.2(a) of Executive Order (E.O.) 12968 for an applicant where a conditional offer of enlistment, induction, or appointment is withdrawn for failure to obtain favorable ESP results.
+- Establishes the implementation of ESP consistent with relevant governing
+documents enumerated in Attachment 1.
+- Is effective July 31, 2019 and supersedes any contradictory guidance in DoD
+Instruction 1304.26, DoD Instruction 1332.14, and DoD Manual (DoDM) 5200.02.  These DoD issuances will be updated to comply with this DTM.  The Military Departments and the Coast Guard will implement within 30 days of the effective date.
+- Will be reevaluated within 6 months of the effective date and expire effective
+January 31, 2023.  Subject to any judicial orders, the October 13, 2017 Office of the Under Secretary of Defense for Personnel and Readiness memorandum shall be held in abeyance upon the issuance of this DTM.  Based on the results of subsequent ESP reevaluation, the October 13, 2017 Office of the Under Secretary of Defense for Personnel and Readiness memorandum will be terminated, held in abeyance for an additional period, or reinstated, as appropriate.
+Applicability.  This DTM applies to:
+
+- OSD, the Military Departments (including the Coast Guard at all times,
+including when it is a Service in the Department of Homeland Security, by
+agreement with that Department), the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field
+Activities, and all other organizational entities within the DoD.
+- Applicants for military service who enter into a contract for enlistment,
+induction, or appointment, and Service members with an open initial national
+security background investigation.
+Definitions.  See Glossary. Policy.  It is DoD policy that:
+
+- Military Departments and the Coast Guard will account for all Service
+members and those individuals who have contracted into the Delayed Entry Program (DEP) and the Delayed Training Program (DTP), through their respective security managers, who have a military owning or servicing
+relationship in the DoD system of record, the Joint Personnel Adjudication System, or its successor system.  This relationship is maintained for all Service
+members, including Coast Guard personnel, from the time they are submitted for their first investigations until they separate from their respective Armed Forces.
+
+- All applicants for military service who enter into a contract for service and all
+Service members with an open initial national security background investigation will be referred for ESP if review of their Standard Form 86 (SF-86) indicates a need to screen for potential risk concerning allegiance to the United States, foreign preference, or foreign influence concerns.  ESP will augment and enhance vetting mechanisms used to inform military service eligibility determinations pertaining to enlistment, induction, or appointment within the Military Departments and the Coast Guard.
+- Consistent with the authorities and guidance set forth in E.O. 13764, Section
+1564b of Title 10, U.S.C., the Federal Investigative Standards, and Section 925 of Public Law 115-91, this process will be:
+o Applied to military accession populations with open initial national security background investigations.  These individuals will be referred for ESP if a need to screen for potential risks associated with allegiance to the United States, foreign preference, or foreign influence concerns is identified through a review of their Standard Form (SF) 86.
+
+o Applied to identify the above potential risk indicators and meet requirements and guidelines outlined in the Federal Investigative Standards for Tier 3 / Tier 5 investigations and Guidelines A, B, and C of the National Adjudicative Guidelines found in Security Executive Agent Directive 4.
+
+- Nothing in this DTM:
+o Changes policies governing National Security Determinations.
+o Precludes DoD from using ESP for other purposes, including, but not limited to, support of vetting processes that inform decisions for national security purposes (e.g., eligibility for or access to classified information or to hold a sensitive position), for suitability and fitness, and for purposes of issuing a federal identity credential in accordance with applicable law and policy.
+Responsibilities.  See Attachment 2. Procedures.  See Attachment 3. Summary of Change 3.  The expiration date of this DTM was extended. Information Collection Requirements.  The requirement for data collection in this DTM
+does not require licensing with a report control symbol in accordance with Paragraph 1.b.(13) in Enclosure 3 of Volume 1 of DoDM 8910.01.
+
+Releasability.  Cleared for public release.  Available on the Directives Division Website at https://www.esd.whs.mil/DD/.
+
+
+
+Under Secretary of Defense for Intelligence
+
+
+Assistant Secretary of Defense for
+
+
+Manpower and Reserve Affairs,
+
+
+Performing the Duties of the Under
+
+
+Secretary of Defense for Personnel
+
+
+and Readiness
+Attachments: As stated cc: Secretary of Homeland Security Commandant of the United States Coast Guard Director, Defense Counterintelligence and Security Agency
+
+## Attachment 1 References
+
+DoD Instruction 1304.26, "Qualification Standards for Enlistment, Appointment, and Induction,"
+March 23, 2015, as amended
+DoD Instruction 1332.14, "Enlisted Administrative Separations," January 27, 2014, as amended DoD Instruction 1332.30, "Commissioned Officer Administrative Separations," May 11, 2018,
+as amended
+DoD Manual 5200.02, "Procedures for the DoD Personnel Security Program (PSP),"
+April 3, 2017
+DoD Manual 8910.01, Volume 1, "DoD Information Collections Manual:  Procedures for DoD
+Internal Information Collections," June 30, 2014, as amended
+Executive Order 12968, "Access to Classified Information," August 2, 1995 Executive Order 13764, "Amending the Civil Service Rules," January 17, 2017 Executive Order 13869, "Transferring Responsibility for Background Investigations to the
+Department of Defense," April 24, 2019
+Federal Investigative Standards, December 2012 Office of the Under Secretary of Defense for Personnel and Readiness Memorandum, "Military
+Service Suitability Determinations for Foreign Nationals Who Are Lawful Permanent Residents," October 13, 2017
+Public Law 115-91, Section 925, "National Defense Authorization Act for Fiscal Year 2018,"
+April 2, 2018
+Security Executive Agent Directive 4, "National Security Adjudicative Guidelines," June 8, 2017 United States Code, Title 10, Section 1564b
+
+## Attachment 2 Responsibilities
+
+1.  ASSISTANT SECRETARY OF DEFENSE FOR MANPOWER AND RESERVE AFFAIRS. Under the authority, direction, and control of the Under Secretary of Defense for Personnel and Readiness, the Assistant Secretary of Defense for Manpower and Reserve Affairs, through the Director, DoD Accessions Policy will, in coordination with Military Department and Coast Guard counterparts, oversee and assess the ESP performance as it relates to military accessions screening for eligibility for enlistment, induction, or appointment. 2.  DIRECTOR FOR DEFENSE INTELLIGENCE (COUNTERINTELLIGENCE, LAW ENFORCEMENT, AND SECURITY).  Under the authority, direction, and control of the Under Secretary of Defense for Intelligence and Security, the Director for Defense Intelligence (Counterintelligence, Law Enforcement, and Security) will provide guidance and oversight for the ESP under the DoD Personnel Security Program.  Additionally, in coordination with Director, DoD Accessions Policy and with Military Department and Coast Guard counterparts, will oversee and assess ESP performance with respect to military accessions screening. 3.  DIRECTOR, DEFENSE COUNTERINTELLIGENCE AND SECURITY AGENCY.  Under the authority, direction, and control of the Under Secretary of Defense for Intelligence and Security, the Director, Defense Counterintelligence and Security Agency, will:
+a.  Establish training and other policies, procedures, and personnel requirements for the Expedited Screening Center (ESC), and other organizational entities to execute and achieve the requirements of this DTM.
+
+b.  In coordination with the Director for Defense Intelligence (Counterintelligence, Law Enforcement, and Security), establish a centralized capability for using ESP to identify and mitigate potential high risk indicators associated with allegiance, foreign preference, and foreign influence concerns within military accessions populations.
+
+c.  Provide metrics and other data to the Director for Defense Intelligence
+(Counterintelligence, Law Enforcement, and Security) and to the Director, DoD Accessions Policy, to be shared with the Military Departments and Military Services, regarding ESP
+timelines and trends for accessions as defined by this DTM. 4.  SECRETARIES OF THE MILITARY DEPARTMENTS.  The Secretaries of the Military Departments:
+a.  Will, for their respective departments, establish training and other policies, procedures and, for Fiscal Year 2019, personnel requirements to execute and achieve the requirements of this DTM.
+
+b.  May waive certain requirements as described in Attachment 3.
+
+## 5.  Commandant Of The United States Coast Guard.  The Commandant Of The United States Coast Guard:
+
+a.  Will, as necessary and appropriate, integrate the results of ESP into its adjudication of personnel vetting in accordance with this DTM, DoDI 1304.26, and DoDM 5200.02.
+
+b.  May waive certain requirements as described in Attachment 3.
+
+## Attachment 3 Esp Process And Timeliness Goals 1.  General
+
+a. The requirements in this attachment shall be fully achieved by 12 months from the date of issuance of this DTM.
+
+b. All applicants for military service who enter into a contract for service and all Service members with an open initial national security background investigation will be referred for ESP when information the individual provides on the SF-86 signals a need to screen for concerns regarding allegiance to the United States, foreign preference, or foreign influence, as follows:
+(1)  Responses to Questions 9, 10, 11, 12, 15.3, 17, 18, 19, 20a, 20b, 25, or 29 of the SF-86 signal need to screen for potential risk indicators associated with allegiance to the United States, foreign preference, or foreign influence concerns.
+(2)  Responses to Question 20c of the SF-86 will be used as a secondary indicator until this question is incorporated into the protocol as a primary indicator no later than October 1, 2020.
+
+2.  ESP PROCEDURES.  In accordance with the following procedures, the ESP will be implemented in two phases to minimize disruption to military accessions and to allow for evaluation of the protocol.
+
+## A.  Esp Initiation (Phase 1), Through Fiscal Year 2019.
+
+(1)  Individuals will be held from shipping to initial entry training (IET), held at current duty station, or held at a Service-designated staging location when initial ESP results reveal potential high risk indicators regarding allegiance to the United States, foreign preference, or foreign influence concerns.
+
+(2)  Hold statuses, unless waived by the Secretary concerned, or the Commandant of the Coast Guard, as the case may be, per Section 3 of this DTM, will be in effect until a favorable ESP result is rendered.  Actions taken in response to Final ESP results are addressed in Sections 2.d and 2.c of this attachment.
+
+## B.  Esp Initiation (Phase 2), Effective During Fiscal Year 2020.
+
+(1)  Phase 2 initiation will be subject to analysis and review by the Offices of the Under Secretary of Defense for Personnel and Readiness and of the Under Secretary of Defense for Intelligence and Security.
+
+(2)  Individuals referred to ESP will not proceed to IET (either basic or advanced training) until any identified potential high risk indicators have been mitigated and a favorable ESP result is rendered, or until the Military Department concerned or the Coast Guard, as the case may be, makes a determination to retain the individual from military service.
+
+(3)  Current service members who are referred to ESP will remain at their present duty station or service-designated staging location until any identified potential risk indicators have been mitigated and a favorable ESP result is rendered, or until the Military Department concerned or the Coast Guard, as the case may be, makes a determination to retain or separate the individual from military service.
+
+c.  Final ESP Results.  Final ESP results, regardless of outcome, will be forwarded to the National Background Investigation Bureau or the appropriate investigative service provider, and the Department of Defense Consolidated Adjudications Facility (DoD CAF) or the appropriate adjudicative entity to inform Tier 3 or Tier 5 background investigations.
+
+(1)  No Potential High Risk Indicators.  If final ESP results do not identify any potential high risk indicators, ESC personnel will annotate the system of record accordingly.
+
+(2)  Potential High Risk Indicators Are Mitigated.  If final ESP results identify potential high risk indicators and ESC personnel identify mitigating information, the individual will not need to be further processed in ESP.  ESC personnel will annotate the system of record accordingly with the favorable result.
+(3)  High Risk Indicators Are Not Mitigated.  If final ESP results identify potential high risk indicators and ESC personnel cannot identify mitigating information, ESC personnel will annotate the system of record with the unfavorable result and notify the Military Department concerned or the Coast Guard, as the case may be, accordingly.
+
+## D.  Notifications And Separation Procedures.
+
+(1)  Unfavorable ESP Results Notification.  If the ESP produces unfavorable results, the ESC will notify the Military Department concerned or the Coast Guard, as the case may be.  The notification will read:  "[Named Individual] has high risk indicators with no available mitigating information."
+
+## (2)  Military Department And Coast Guard Actions.
+
+(a)  After receiving an unfavorable ESP result, the Military Department concerned or the Coast Guard, as the case may be, will determine whether the individual continues to meet eligibility requirements for enlistment, induction, or separation in accordance with DoDI 1304.26, and whether the individual should be separated from military service in accordance with DoDI 1332.14 or DoDI 1332.30.  The enlistment, induction, or appointment criteria in Paragraph 2.h.(6) in Enclosure 3 of DoDI 1304.26 is amended to include the following criteria:
+1.  Receives an unfavorable result from a review of information that revealed the individual presents an unacceptable risk to good order and discipline within the Armed Forces.
+
+2.  Receives an unfavorable determination by an adjudicative entity on a completed Tier 3 or higher-level investigation adjudicated according to the National Security Standards set forth in E.O. 12968, while in the Delayed Entry Program, the Delayed Training Program, or otherwise in entry-level status.
+
+(b)  If a Tier 3 or Tier 5 background investigation results an unfavorable national security determination from an adjudicative entity, the Military Departments and the Coast Guard, after receiving the notification, will initiate separation proceedings in accordance with DoDIs 1332.14 and DoDI 1332.30, as amended by this DTM.
+
+(3)  Administrative Separation Procedures.  The procedures in Section 5.2(a) of E.O. 12968 will not apply to Service members who are being considered for administrative separation under DoDI 1332.14 or DoDI 1332.30, or for any other reason other than denial of eligibility for access to classified information or to hold a national security position.  The policy in Paragraph 5 in Enclosure 3 of DoDI 1332.14 will be followed and is amended with the following policy for unfavorable results or determinations:
+
+## (A)  Separation From The Dep.
+
+1.  An individual who is in the DEP may be separated because of ineligibility for enlistment in accordance with DoDI 1304.26, or the additional standards prescribed by the Secretary of the Military Department concerned or by the Commandant of the Coast Guard, or upon his or her request when authorized by the Secretary of the Military Department concerned or by the Commandant of the Coast Guard, as the case may be.  This includes individuals in DEP who have been determined to no longer meet eligibility requirements for enlistment or induction based upon unfavorable ESP results.
+
+2.  Paragraph 4.e. in Enclosure 3 of DoDI 1332.14 shall be amended to require that the individual be notified of the proposed separation and the reasons for it.  If the reasons include classified information, unclassified summaries may be used; however, any summaries derived from classified information will be consistent with the national security interests of the United States and other applicable law.
+
+(b)  Entry-Level Performance and Conduct Separations.  This paragraph applies to individuals in the Delayed Training Program (DTP) or otherwise in entry-level status.
+
+1.  An enlisted Service member may be separated while in entrylevel status when it is determined that the enlisted Service member: no longer meets the requirements for eligibility for enlistment or induction as specified in DoDI 1304.26; or is unqualified for further military service by reason of unsatisfactory performance, conduct, or both.  Evidence of an enlisted Service member being unqualified may include lack of capability, lack of reasonable effort, failure to adapt to the military environment, or minor disciplinary infractions.
+2.  When separation of an enlisted Service member in entry-level status is warranted by failure to meet the requirements for eligibility for enlistment or induction; or unsatisfactory performance, conduct, or both, the enlisted Service member should be processed for entry-level separation.  However, entry-level status does not preclude separation for any other reason authorized by this issuance when such separation is warranted by the circumstances of the case.
+3.  Counseling and rehabilitation requirements are normally important aspects of the reason for separation.  Except in separations based on failure to meet the requirements for eligibility for enlistment or induction, separation processing may not be initiated until the enlisted Service member has been formally counseled concerning those deficiencies as reflected in appropriate counseling or personnel records.  An enlisted Service member in entry-level status should not be separated for unsatisfactory performance, minor disciplinary infractions, or both, when this is the sole reason, unless appropriate efforts at rehabilitation have been made under standards prescribed by the Secretary of the Military Department concerned or by the Commandant of the Coast Guard.
+(c)  Administrative Separation Procedures for Service Members No Longer in an Entry Level Status.  An Armed Force will use Secretarial Plenary Authority for enlisted Service members who are not in the DEP or DTP or are otherwise not in entry-level status, who have been determined to no longer meet eligibility requirements for enlistment or induction based on the unfavorable ESP results.
+(4)  Notice of Separation.  Enlisted Service members who are facing separation, based on unfavorable ESP results in accordance with DoDI 1332.14 will be provided notice of intended separation consistent with Paragraph 2 in Enclosure 5 of DoDI 1332.14.
+(a)  The individual will be notified in writing of:
+1.  The basis of the proposed separation, including the circumstances upon which the separation is based and a reference to this DoDI and any applicable provisions of the appropriate Military Department's or the Coast Guard's implementing regulation, as the case may be.  If the basis includes classified information, unclassified summaries may be used.  However, any summaries derived from classified information will be consistent with the national security interests of the United States and other applicable law.
+2.  Whether the proposed separation could result in discharge, release from active duty to a Reserve Component, transfer from the Selected Reserve to the Individual Ready Reserve, release from custody or control of the Military Services, or other form of separation.
+3.  The least favorable characterization of service or description of separation authorized for the proposed separation.
+4.  The right to obtain copies of documents that will be forwarded to the separation authority supporting the basis of the proposed separation.  Classified information in such documents may be provided to the individual in unclassified summarized format.  However, any summaries derived from classified information provided to the individual shall be consistent with the national security interests of the United States and other applicable law.
+(b)  Consistent with DoDI 1332.14 (as amended by this DTM), individuals facing administrative separation from military service based on unfavorable ESP results will receive the notice in the Figure.
+
+"A review of information indicates that you present an unacceptable risk to good order and discipline within the Armed Forces and that it is not in the best interests of the [Military Department or the Coast Guard] for you to continue to serve. Accordingly, you are being notified that 30 days from your receipt of this memorandum, we intend to take action to administratively separate you from the Armed Forces."
+
+## (5)  Separation Procedures For Commissioned Officers.
+
+(a)  A commissioned officer who receives an unfavorable final ESP result will be separated from the Military Department concerned or the Coast Guard, as the case may be, in accordance with regulations outlined in Section 3 of DoDI 1332.30.
+
+(b)  The Military Department or the Coast Guard will reject an application for an officer commission by an applicant who receives unfavorable ESP results. The applicant for a commission will only receive notice that his or her application has been rejected for failure to meet initial security screening requirements. The separation procedures specified in Paragraph 2.d.(3) in this attachment do not apply in these circumstances.
+
+## 3. Waivers
+
+a.  The Secretaries of the Military Departments and the Commandant of the Coast Guard have authority to waive the requirements to separate or disqualify individuals with unfavorable ESP results on a case by case basis.  A waiver may only apply to a single individual and cannot be applied to groups.  Waivers must explain why the individual is deemed mission essential while acknowledging the associated risks identified through the ESP.
+
+b.  The Secretaries of the Military Departments and the Commandant of the Coast Guard may delegate, in writing, to an Assistant Secretary or to a Deputy Chief of Staff, respectively, the authority to grant waivers to retain an individual with high risk indicators and to accept the risk on behalf of the Secretary of the Military Department concerned, or the Commandant of the Coast Guard, as the case may be.
+c.  Any waiver decision by the Secretaries of the Military Departments and the Commandant of the Coast Guard will be informed by an executive summary of ESP results to be provided by the ESC upon request.
+d.  The Secretaries of the Military Departments and the Commandant of the Coast Guard, or their designees, will provide copies of all approved ESP waivers to the Under Secretary of Defense for Intelligence and Security and the Under Secretary of Defense for Personnel and Readiness explaining why the accession or retention of the individual is in the national security interest of the respective Military Service.
+
+## 4.  Overall Esp Process Timeliness Goals
+
+a.  If there are no potential high risk indicators identified through the ESP, the goal for completion is within 14 days of the date on which the ESC received SF-86 information (approximately 7 to 10 days after the SF-86 is completed, submitted, and any information inconsistencies are resolved).  However, if the ESP identifies potential high risk indicators, the goal for completion of analysis and potential mitigation is within 90 days of receipt of SF-86 data by the ESC.
+
+b.  This protocol should not unduly affect individuals proceeding to IET in a timely manner.  All efforts will be made to minimize the impact to the Military Department and Coast Guard training pipelines, while identifying and mitigating risks through the ESP.
+c.  Metrics, data, and trends regarding ESP will be provided by the Director, Defense Counterintelligence and Security Agency,  to the Director for Defense Intelligence (Counterintelligence, Law Enforcement, and Security), and the Director, DoD Accessions Policy, to be shared with Military Departments and the Coast Guard.
+5.  PROCESS REVIEW.  The Offices of the Under Secretaries of Defense for Intelligence and Security and of Personnel and Readiness will conduct a process review regarding the ESP implementation to determine effectiveness and resourcing in Fiscal Year 2020.
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+
+DEP
+Delayed Entry Program
+DoD CAF
+Department of Defense Consolidated Adjudications Facility
+DoDI
+DoD instruction
+DoDM
+DoD manual
+DTM
+directive-type memorandum
+DTP
+Delayed Training Program
+E.O.
+Executive order
+ESC
+Expedited Screening Center
+ESP
+Expedited Screening Protocol
+
+IET
+Initial Entry Training
+SF
+Standard Form
+
+
+## Part Ii.  Definitions
+
+ These terms and definitions are for the purpose of this issuance. ESP.  A set of procedures used to vet an individual who provides responses to certain SF-86 questions that raise potential allegiance, foreign influence, or foreign preference concerns, specifically sections 9, 10, 11, 12, 15.3, 17, 18, 19, 20a, 20b, 25, or 29, and section 20c as a secondary factor initially. open initial national security background investigation.  A national security background investigation that is initiated when a Service member first accesses into the Armed Forces, and the investigative service provider has not forwarded it to the adjudicative entity for adjudication.
+eligibility. Eligibility for enlistment, appointment, and induction into the Military Services as outlined in DoDI 1304.26 and suitability as described in E.O. 12968. potential high risk indicator.  Data that meets or exceeds predetermined expandable focused investigation thresholds, outlined in the Federal Investigative Standards (as amended) pertaining to adjudicative guideline regarding allegiance to the United States, foreign influence, and foreign preference concern.

markdown/dod/dtm-19-010.md

@@ -0,0 +1,182 @@
+5000 DEFENSE PENTAGON
+WASHINGTON, DC 20301-5000
+
+INTELLIGENCE
+
+
+September 6, 2019
+Incorporating Change 1, Effective October 6, 2020 MEMORANDUM FOR CHIEF MANAGEMENT OFFICER OF THE DEPARTMENT OF
+DEFENSE
+SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF STAFF UNDER SECRETARIES OF DEFENSE CHIEF OF THE NATIONAL GUARD BUREAU
+GENERAL COUNSEL OF THE DEPARTMENT OF DEFENSE
+DIRECTOR, COST ASSESSMENT AND PROGRAM
+EVALUATION
+INSPECTOR GENERAL OF THE DEPARTMENT OF DEFENSE
+DIRECTOR, OPERATIONAL TEST AND EVALUATION CHIEF INFORMATION OFFICER OF THE DEPARTMENT OF
+DEFENSE
+ASSISTANT SECRETARY OF DEFENSE FOR LEGISLATIVE
+AFFAIRS
+ASSISTANT TO THE SECRETARY OF DEFENSE FOR PUBLIC
+AFFAIRS
+DIRECTOR, NET ASSESSMENT DIRECTORS OF THE DEFENSE AGENCIES
+DIRECTORS OF THE DOD FIELD ACTIVITIES SUBJECT:
+Directive-type Memorandum (DTM) 19-010 - "Interim Policy for DoD Intelligence Interrogations, Detainee Debriefings (I2D2), and Tactical Questioning
+(TQ)" References:   See Attachment 1.
+
+
+Purpose.
+
+- Pursuant to the authority in DoD Directive (DoDD) 5143.01, this DTM
+establishes interim policy on I2D2 and TQ in accordance with DoDD 3115.09. Specifically, this DTM:
+o Establishes policy on the oversight, management, and execution of
+I2D2 and TQ in accordance with DoDD S-5200.37.
+o Establishes policy on the arming of personnel participating in I2D2 or
+TQ.
+
+
+o Establishes policy on when DoD intelligence interrogators, detainee debriefers, and support personnel may be utilized to guard, transport, or otherwise process detainees.
+
+o Establishes policy on the conduct of I2D2 of individuals in foreign custody.
+
+- This DTM is effective September 6, 2019; it must be incorporated into existing DoD policy such as DoDD 3115.09 as appropriate.  This DTM will expire effective September 6, 2021.
+
+Applicability.  This DTM applies to:
+
+- OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs
+of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (referred to collectively in this DTM as the "DoD Components").
+- DoD military personnel, DoD civilian employees, and DoD contractor
+personnel to the extent incorporated in their contracts, who conduct or support I2D2 or TQ (referred to collectively in this DTM as "DoD personnel").
+- Non-DoD personnel who agree to comply with the terms of this DTM as a
+condition of DoD permitting them access to or to accompany DoD personnel to
+conduct I2D2 or other forms of questioning of persons detained either by the DoD or by a foreign partner.
+Definitions.  See Glossary. Policy.  It is DoD policy that:
+
+- I2D2 are a subset of human intelligence (HUMINT) activities and are
+conducted under the authority of the defense HUMINT executor (DHE) in accordance with DoDD S-5200.37.
+o Coordination and deconfliction of I2D2 activities will occur at the lowest possible level.
+
+o I2D2 activities will be coordinated with the appropriate Combatant Command.
+
+o HUMINT source operational proposals, HUMINT source administration, and HUMINT source validation requirements do not apply to I2D2 activities.
+
+o All individuals who have been issued an internment serial number and are the subject of I2D2 activities that result in intelligence reporting will be registered in a DoD Component source registry compatible with the Integrated Defense Source Registry System.
+
+- DoD personnel may be required to conduct or support (e.g., serve as linguists, interpreters, analysts, report writers, or information technology technicians) the I2D2 of individuals in U.S. or foreign custody and TQ of individuals at or near the point of capture before being placed in a detention facility in areas without adequate security.  While conducting or supporting I2D2 or TQ, these personnel may be armed for their personal protection in connection with the performance of their official duties as authorized by the geographic Combatant Commander, or his or her designee, in whose area of responsibility they are operating in accordance with DoDD 5210.56.
+
+- DoD intelligence interrogators, detainee debriefers, and associated support
+personnel will not guard, transport, process, or assume custodial responsibilities for detainees unless in an extraordinary circumstance no one else is available to perform these duties.
+Responsibilities.  See Attachment 2. Procedures.  See Attachments 3, 4, 5, and 6. Summary of Change 1.  This administrative change updates the title of the Under Secretary of Defense for Intelligence to the Under Secretary of Defense for Intelligence and Security in accordance with Public Law 116-92 and extends the expiration date.
+
+Releasability.  **Cleared for public release.**  Available on the Directives Division Website at https://www.esd.whs.mil/DD/. Attachments: As stated
+
+## Attachment 1 References
+
+DIA Counterintelligence and Human Intelligence Enterprise Manual 3301.002, Volume II,
+"Defense Counterintelligence and Human Intelligence Enterprise Manual:  Human
+Intelligence Collection Operations (U)," June 22, 20151
+DoD Directive 2310.01E, "DoD Detainee Program," August 19, 2014, as amended DoD Directive 3115.09, "DoD Intelligence Interrogations, Detainee Debriefings, and Tactical
+Questioning," October 11, 2012, as amended
+DoD Directive 5143.01, "Under Secretary of Defense for Intelligence and Security
+(USD(I&S))," October 24, 2014, as amended
+DoD Directive S-5200.37, "Management and Execution of Defense Human Intelligence
+(HUMINT) (U)," February 9, 2009, as amended
+DoD Directive 5210.56, "Arming and the Use of Force," November 18, 2016 DoD Instruction 3305.12, "Intelligence and Counterintelligence (I&CI) Training of Non-U.S.
+Persons," October 14, 2016, as amended
+DoD Instruction S-5105.63, "Implementation of DoD Cover and Cover Support Activities (U),"
+June 20, 2013
+DoD Instruction 5240.04, "Counterintelligence (CI) Investigations," April 1, 2016, as amended DoD Instruction 5505.03, "Initiation of Investigations by Defense Criminal Investigative
+Organizations," March 24, 2011, as amended
+Public Law 111-84, "The National Defense Authorization Act for Fiscal Year 2010,"
+October 28, 2009
+Public Law 116-92, "National Defense Authorization Act for Fiscal Year 2020,"
+December 20, 2019
+U.S. Army Field Manual 2-22.3, "Human Intelligence Collector Operations," September 6, 2006
+
+## Attachment 2 Responsibilities
+
+1.  DIRECTOR, DEFENSE INTELLIGENCE AGENCY.  Under the authority, direction, and control of the Under Secretary of Defense for Intelligence and Security (USD(I&S)) and in addition to the responsibilities in Paragraph 2 of this attachment, the Director, Defense Intelligence Agency, as the Defense HUMINT Manager, will develop a centrally maintained and searchable DoD database for I2D2 technical, administrative, and operational reports that can be linked to published intelligence reports.
+
+2.  DoD COMPONENT HEADS.  The DoD Component heads who conduct or support I2D2 or TQ will:
+a.  Provide guidance on the arming of DoD personnel participating I2D2 or TQ in I2D2
+or TQ plans, policies, orders, directives, training, doctrine, and tactics, techniques, and procedures.
+
+b.  Train appropriate personnel in the conduct of TQ in accordance with DoDD 3115.09, DoDD 2310.01E, and Attachment 6 of this DTM.
+
+## Dhe
+
+DoD Component heads with the mission to conduct HUMINT activities each have a DHE who approves I2D2 activities in accordance with DoDD S-5200.37.  The DHE may delegate the authority to approve I2D2 activities to any subordinate military personnel or civilian employees who are assigned or attached to an organization with the mission to conduct I2D2 activities and staffed with intelligence interrogators and/or detainee debriefers who are trained and certified by a DIA-established certification program in accordance with DoDD 3115.09.  The DHE or his or her delegate will:
+a.  Plan, execute, and oversee I2D2 activities in accordance with DoDD 3115.09 and this DTM, ensuring these activities are incorporated into the planning and execution of all phases of an operation.
+
+b.  Provide the USD(I&S) with a monthly summary of all I2D2 activities.
+c.  Ensure non-DoD personnel who accompany DoD personnel to conduct I2D2 or other forms of questioning of persons detained either by the DoD or by a foreign partner comply with DoDD 3115.09 and this DTM.
+
+d.  Ensure support personnel who interact with a detainee are assigned a unique identifying number and that their true name, unit, Military Service or government agency, and contact information is recorded in a searchable, permanent archive.  These unique identifying numbers must not be used to sign documents related to the detention, release, repatriation, medical care, or death of persons detained by the U.S. Government.
+
+e.  Coordinate and deconflict I2D2 activities in accordance with DoDD S-5200.37.
+
+## Attachment 4 Dod I2D2 Of Individuals In Foreign Custody
+
+1.  DoD ACCESS TO INDIVIDUALS IN FOREIGN CUSTODY.  The DHEs, or their delegates, may authorize appropriately trained and certified DoD personnel to conduct I2D2 of individuals in foreign custody, or to debrief foreign partners for information gained from interrogations or other questioning of individuals in foreign custody, to satisfy DoD intelligence collection requirements.  The foreign partner is responsible for the health, welfare, and security of individuals within its custody.  DoD personnel will report reportable incidents allegedly committed by DoD, non-DoD U.S., or foreign personnel in accordance with Enclosure 3 of DoDD 3115.09.
+
+a.  Only trained and certified DoD intelligence interrogators will conduct unilateral, joint, or combined intelligence interrogations of individuals in foreign custody using only those intelligence interrogation approaches and technique that are authorized by and listed in U.S. Army Field Manual 2-22.3.  During combined intelligence interrogation operations, in addition to questioning a detainee in foreign custody, DoD intelligence interrogators may:
+
+(1)  Accompany foreign partners during foreign interrogation sessions or other
+questioning.
+(2)  Question foreign partners on their interrogation sessions or other questioning. (3)  Monitor or observe foreign interrogations or other questioning. (4)  Advise foreign partners on lines of questioning and approach strategies. (5)  Review foreign partners' performance during interrogations or other
+questioning.
+(6)  Provide source-directed requirements to foreign partners. (7)  Provide analysis of the foreign partners' interrogations to the foreign partners.
+b.  The above DoD interactions with foreign partners during combined I2D2 do not constitute intelligence training and are not subject to the requirements of DoD Instruction 3305.12.
+
+c.  DoD unilateral or combined detainee debriefings of individuals in foreign custody will be conducted in accordance with Enclosure 4 of DoDD 3115.09. 2.  AUDIO-VIDEO RECORDING OF DoD INTELLIGENCE INTERROGATIONS IN FOREIGN FACILITIES.  Subsection 1080(a) of Public Law 111-84 does not require the audiovideo recording of any DoD intelligence interrogations conducted in a host nation or foreign entity facility if the detainee is not in the custody or under the effective control of the DoD.
+
+3.  JOINT AND COMBINED I2D2 OF INDIVIDUALS IN FOREIGN CUSTODY.  Non-DoD U.S. Government personnel may provide support to I2D2 or conduct joint or combined I2D2 with DoD personnel of individuals in foreign custody.  Support includes face-to-face or remote access to the individual in foreign custody for the purposes of providing analytical support or subject-matter expert support to I2D2.  When the DoD facilitates access to the individual in foreign custody, all personnel participating in the I2D2 on behalf of the DoD must comply with DoDD 3115.09, this DTM, and any other applicable DoD policies and procedures subject to the following additional requirements:
+a.  Non-DoD U.S. Government and third-party foreign personnel supporting DoD I2D2
+of individuals in foreign custody will sign a written agreement to comply with DoDD 3115.09, this DTM, and any other applicable DoD policies and procedures before being allowed access.
+b.  Foreign facility personnel supporting DoD I2D2 of individuals in their custody will comply with DoDD 3115.09, this DTM, and any other applicable DoD policies and procedures.
+
+c.  All non-DoD U.S. Government and foreign personnel gaining DoD-facilitated access to conduct I2D2 of an individual in foreign custody must be monitored by a trained and certified DoD intelligence interrogator or detainee debriefer, as appropriate, at all times. 4.  VIOLATIONS OF DoD POLICY AND PROCEDURES DURING JOINT AND COMBINED I2D2 OF INDIVIDUALS IN FOREIGN CUSTODY.  If any party involved in a DoD-facilitated joint or combined I2D2 of an individual in foreign custody commits a reportable incident, DoD personnel will immediately terminate their involvement and report the incident in accordance with Enclosure 3 of DoDD 3115.09.  When a reportable incident involves the staff of a foreign facility, the appropriate DoD Component head, or his or her designee, will determine whether to allow continued DoD intelligence activities at the foreign facility.
+
+## Reportable Incidents Involving Non-Dod U.S. Or Foreign Personnel Accompanying Dod Personnel In Foreign Facilities
+
+Reportable incidents allegedly committed by non-DoD U.S. or foreign personnel accompanying DoD personnel in foreign facilities will be reported in accordance with Enclosure 3 of DoDD 3115.09 and referred to proper authorities (e.g., other U.S. Government, allied, coalition, or host nation authorities) for appropriate action.
+
+a.  Any additional DoD investigation of such incidents may be conducted at the direction of the appropriate DoD Component head, the Inspector General of the Department of Defense, the USD(I&S), or higher authority.
+
+b.  When DoD personnel facilitate the access of non-DoD U.S. or third-party foreign personnel to an individual in foreign custody, if the non-DoD U.S. or third-party foreign personnel commit a reportable incident, they will be immediately removed from the I2D2.  The senior DoD official present will decide whether to continue the I2D2.  The appropriate DoD Component head, or his or her delegate, will then determine whether to cease facilitation of the non-DoD U.S. or third-party foreign personnel's access to individuals in foreign custody until the reportable incident has been resolved.
+
+c.  Nothing in this policy changes the investigative responsibilities of any Defense Criminal Investigative Organization or Military Department Counterintelligence Organization in accordance with DoD Instruction 5505.03 and DoD Instruction 5240.04.
+
+## Tq
+
+TQ is limited to direct questioning and is generally performed by members of patrols, but can be done by any appropriately trained DoD personnel.  In accordance with this DTM, the DoD Component heads will provide TQ training for DoD personnel who conduct, support, or participate in TQ.  These personnel will be trained, at a minimum, in direct questioning techniques, the law of war, and humane treatment standards.  DoD intelligence interrogators and detainee debriefers may conduct TQ without any additional training.  DoD intelligence interrogators and detainee debriefers who conduct TQ will report any information of intelligence value as appropriate.
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+| DHE      | defense human intelligence executor                      |
+|----------|----------------------------------------------------------|
+| DoDD     | DoD directive                                            |
+| DTM      | directive-type memorandum                                |
+|          |                                                          |
+| HUMINT   | human intelligence                                       |
+|          |                                                          |
+| I2D2     | intelligence interrogation and detainee debriefings      |
+|          |                                                          |
+| TQ       | tactical questioning                                     |
+|          |                                                          |
+| USD(I&S) | Under Secretary of Defense for Intelligence and Security |
+
+## Part Ii.  Definitions
+
+Unless otherwise noted, these terms and definitions are for the purpose of this issuance.
+
+combined detainee debriefing.  The process of using direct questions to elicit information from a cooperative detainee in which a DoD detainee debriefer or intelligence interrogator works with a foreign government representative  to obtain information to satisfy intelligence collection requirements.
+
+combined intelligence interrogation.  The process of using interrogation approaches to question a detainee in which a DoD intelligence interrogator works with a foreign government representative to obtain information to satisfy intelligence collection requirements. DHE.  Defined in DoDD S-5200.37. Defense HUMINT Manager.  Defined in DoDD S-5200.37. debriefing.  Defined in DoDD 3115.09.  Referred to as "detainee debriefing" in this DTM. Integrated Defense Source Registry System.  Defined in Volume II of DoD Counterintelligence and HUMINT Enterprise Manual 3301.002. intelligence interrogation.  Defined in DoDD 3115.09. joint detainee debriefing.  The process of using direct questions to elicit information from a cooperative detainee in which a DoD detainee debriefer or intelligence interrogator works with another DoD element or U.S. Government department or agency to obtain information to satisfy intelligence collection requirements.
+
+joint intelligence interrogation.  The process of using interrogation approaches to question a detainee in which a DoD intelligence interrogator works with another DoD element or U.S. Government department or agency to obtain information to satisfy intelligence collection requirements.
+
+subject-matter expert.  A person with significant professional knowledge in specific areas. support personnel.  Personnel who support the intelligence interrogation, detainee debriefing, or other questioning of a detainee, including linguists, interpreters, analysts, report writers, information technology technicians, trainers, and advisers. true name.  Defined in DoD Instruction S-5105.63.
+
+TQ.  Defined in DoDD 3115.09.
+
+unilateral intelligence interrogation.  Intelligence interrogations performed by only one DoD element.

markdown/dod/i2060_03.md

@@ -0,0 +1,365 @@
+## Dod Instruction 2060.03 Application Of The National Security Exclusion To The Agreements Between The United States Of America And The International Atomic Energy Agency For The Application Of Safeguards In The United States Of America
+
+
+
+Originating Component:
+Office of the Under Secretary of Defense for Acquisition and Sustainment
+
+
+Effective:
+September 10, 2019
+
+
+
+Releasability:
+Cleared for public release.  Available on the Directives Division Website at http://www.esd.whs.mil/DD/.
+
+
+
+Reissues and Cancels:
+DoD Instruction 2060.03, "Application of the National Security Exclusion
+to the Agreements Between the United States of America and the International Atomic Energy Agency for the Application of Safeguards in the United States of America" November 13, 2008
+
+
+
+Approved by:
+Ellen M. Lord, Under Secretary of Defense for Acquisition and Sustainment
+
+
+Purpose: In accordance with the authority in DoD Directive (DoDD) 5134.01, the July 13,
+2018, Deputy Secretary of Defense Memorandum, and DoDD 2060.01, this issuance:
+
+- Implements policy and assigns responsibilities for DoD planning and application of the national
+security exclusion (NSE) under agreements between the United States and the International Atomic Energy Agency (IAEA) for implementation of IAEA safeguards.
+- Prescribes DoD requirements and procedures, in accordance with U.S. policy and law, for applying
+the NSE and for using managed access at or near locations, sites, and facilities as well as associated
+information and activities with direct national security significance to DoD.
+
+## Table Of Contents
+
+ SECTION 1:  GENERAL ISSUANCE INFORMATION ........ 3
+1.1.  Applicability. ........ 3 1.2.  Policy. ........ 3 1.3.  Information Collections. ........ 3
+SECTION 2:  RESPONSIBILITIES ........ 5
+2.1.  Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). ........ 5 2.2.  Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense
+Programs. ........ 5
+2.3.  Under Secretary of Defense for Policy(USD(P)). ........ 5 2.4.  DoD Component Heads ........ 5
+2.5.  Chairman of the Joint Chiefs of Staff. ........ 6
+SECTION 3:  PROCEDURES ........ 7
+3.1.  Background. ........ 7 3.2.  Applying the NSE Under the IAEA Agreement. ........ 7
+a.  Applying the NSE During Periodic Reviews of Proposed EFLs. ........ 7 b.  Applying the NSE Under IAEA Safeguards Due to a Change in Circumstances. ........ 8
+3.3.  Applying the NSE Under the AP. ........ 8
+a.  Timely DoD Assessments and Application of the NSE. ........ 8 b.  Applying the NSE Under the AP During Data Calls for Potential AP Declarations. .... 9 c.  Applying NSE Under the AP During the Review of Periodic Updates to the AP
+Declaration. ........ 10
+d.  Applying the NSE to a Declared Activity Under the AP Due to a Change in
+Circumstances. ........ 11
+e.  Applying the NSE Under the AP During Complementary Access. ........ 11
+SECTION 4:  U.S.-IAEA AP REPORTING REQUIREMENTS SECTION 1:  GENERAL ISSUANCE INFORMATION ........ 13
+4.1.  Reporting Periods........ 13 4.2.  Declarable Activities. ........ 13
+GLOSSARY ........ 15
+G.1.  Acronyms. ........ 15 G.2.  Definitions. ........ 15
+REFERENCES ........ 18 TABLES Table 1. AP Declarations and Reporting Requirements ........ 13
+
+## Section 1:  General Issuance Information
+
+1.1.  APPLICABILITY.  This issuance applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, DoD Field Activities, and all other organizational entities within DoD (referred to collectively in this issuance as the "DoD Components").
+
+1.2.  POLICY.  In accordance with DoDD 2060.01:
+a.  All DoD activities related to IAEA safeguards will fully comply with the NSE provisions of the December 9, 1980 Agreement Between the United States of America and the IAEA (IAEA
+Agreement); and the June 12, 1998 Protocol Additional to the Agreement Between the United States of America and the IAEA for the Application of Safeguards in the United States of America (commonly referred to as the Additional Protocol (AP)).
+
+b.  DoD will not declare or make eligible any current or former locations, sites, facilities, or associated information or activities of direct national security significance for the purpose of IAEA access under the provisions of the IAEA Agreement and the AP.
+
+c.  The NSE excludes IAEA access under IAEA safeguards to all current or former DoD-
+owned or -leased locations, sites, and facilities (or associated information or activities) of direct national security significance, including but not limited to: operations and training; intelligence; materiel production, maintenance, and supply; research, development, testing, and evaluation; and infrastructure and personnel.
+
+d.  The NSE excludes any other facility under the IAEA Agreement, as well as any location, site, facility, or associated information or activities of direct national security significance under the AP, from AP Declaration requirements and from IAEA access where its proximity to or association with a DoD location, site, or facility could result in IAEA access.  The NSE does not apply to U.S. Government assets outside of the United States.  Any exclusion of U.S Government assets outside of the United States should be addressed with the host country through the applicable host country agreements.
+
+e.  Managed access, consistent with the AP, the July 12, 1998 Subsidiary Arrangement to the Protocol Additional to the Agreement Between the United States of America and the IAEA and the March 31, 2004, Senate Resolution of Ratification, will be used to the maximum extent possible by DoD during any IAEA inspection or visit, including those involving complementary access, to ensure that the IAEA has no access to DoD locations, sites, facilities, or associated information or activities of direct national security significance.  Where or when DoD finds that these managed access provisions will not prevent IAEA access as required, DoD will apply the NSE.
+
+1.3.  INFORMATION COLLECTIONS.  DoD Component reports to the Nuclear Treaty Manager (NTM), as referred to in Paragraph 3.2.a and throughout this issuance, do not require licensing with a report control symbol in accordance with Enclosure 3, Paragraph 1.b.(9) of Volume 1 of DoD Manual 8910.01.
+
+## Section 2:  Responsibilities
+
+2.1.  UNDER SECRETARY OF DEFENSE FOR ACQUISITION AND SUSTAINMENT
+(USD(A&S)).  The USD(A&S) will designate the NTM to facilitate DoD Component reviews of U.S. eligible facilities for IAEA safeguards under the IAEA Agreement or declarable activities under the AP.  The NTM will review the recommendation to apply the NSE through the procedures under this issuance.
+
+2.2.  ASSISTANT SECRETARY OF DEFENSE FOR NUCLEAR, CHEMICAL, AND
+BIOLOGICAL DEFENSE PROGRAMS.  Under the authority, direction, and control of the USD(A&S), the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs:
+a.  Chairs and convenes a DoD Compliance Review Group (CRG) as needed to address and resolve compliance issues in a timely manner.
+
+b.  Certifies through the appropriate chains of command that the DoD Component reviews of eligible facilities and declarable activities are complete and the NSE is applied as required.
+
+c.  Ensures that the above responsibilities are carried out in accordance with DoDD 5205.07, DoD Instruction 5205.11, and Volume 1 of DoD Manual 5205.07.
+
+d.  Oversees the NTM, or a designated representative, to serve as the single DoD point of contact for the annual vetting of the eligible facilities list (EFL)  and the AP Declarations made by the Department of Energy (DOE), the Department of Commerce (DOC), and the Nuclear Regulatory Commission (NRC).
+
+2.3.  UNDER SECRETARY OF DEFENSE FOR POLICY(USD(P)).  The USD(P) in coordination with the NTM:
+a.  Provides advice and assistance for application of the NSE and addresses related compliance matters in consultation with the CRG, as appropriate.
+
+b.  Represents the Secretary of Defense on matters related to DoD's application of the NSE
+involving the National Security Council (NSC) staff, the Department of State (DOS), and other federal departments and agencies with responsibility for national security policy in accordance with DoDD 2060.01.
+
+## 2.4.  Dod Component Heads  The Dod Component Heads:
+
+a.  Ensure DoD Component compliance with the policy and procedures in this issuance.
+b.  Designate an implementation and compliance review manager in accordance with DoDD 2060.01 to report to the NTM and to initiate recommendations for application and/or removal of the NSE, provide justification for use of the NSE as required, and address associated managed access or compliance matters.
+
+c.  Develop requirements and procedures for managed access, Military Department equity database management, as applicable, and security and counterintelligence training necessary to protect DoD equities.
+
+2.5.  CHAIRMAN OF THE JOINT CHIEFS OF STAFF.  In addition to the responsibilities in Paragraph 2.4., the Chairman of the Joint Chiefs of Staff:
+a.  Provides advice and assistance for application of the NSE and address related compliance matters in consultation with the CRGs, as appropriate.
+
+b.  Coordinates reviews of eligible facilities and declarable activities by the Military Departments and Combatant Commands for the application of the NSE and managed access.
+
+c.  Coordinates time-sensitive applications of the NSE by the Military Departments or Combatant Commands and address associated managed access or compliance matters.
+
+d.  Provides military advice on matters related to the DoD application of the NSE involving the NSC staff, the DOS, and other Federal departments and agencies with responsibility for national security policy.
+
+e.  Manages and provides secure communications to OSD regarding all Military Departments and Combatant Command equities.
+
+## Section 3:  Procedures
+
+3.1.  BACKGROUND.  DoD will apply the NSE through the following implementation and compliance procedures.
+
+a.  Each DoD Component must make this determination in accordance with its specific security requirements, applicable DoD acquisition regulations, security and countermeasures policies, coordinated military guidance, relevant defense threat assessments and counterintelligence, and the results of any necessary security vulnerability assessments.
+
+b.  If essential information required to make this determination for any facility is not available during this review, the NSE will be applied to that facility until such time that the required information is available and a determination can be made.
+
+3.2.  APPLYING THE NSE UNDER THE IAEA AGREEMENT.  DoD will apply the NSE
+provision of the IAEA Agreement during periodic reviews of proposed U.S. nuclear facilities eligible for IAEA safeguards whenever circumstances require action to prevent IAEA access to current or former DoD locations, sites, facilities or activities of direct national security significance.
+
+a.  Applying the NSE During Periodic Reviews of Proposed EFLs.  DoD will periodically review proposed EFLs to identify facilities in proximity to DoD equities and apply the NSE as described in this issuance.  These reviews must be completed and the NSE applied, as necessary, before any proposed EFL or update is submitted to Congress for approval and subsequent transmittal to the IAEA.
+
+(1)  The NTM will receive proposed updates to the EFL from DOE and the NRC, verify essential information with the U.S. lead agencies responsible for those facilities, and promptly disseminate this information to DoD Components for action.
+
+(2)  DoD Components will review the proposed EFL, or EFL updates, and identify those facilities that must be eliminated from the list to prevent IAEA access (under the IAEA
+Agreement) to any activity or associated facility of direct national security significance.  Each DoD Component will make this determination according to its specific security requirements as described in the introductory paragraph to this section.
+
+(3)  DoD Components will complete their reviews of the proposed EFL, or EFL updates, within 60 calendar days of receipt from the NTM.  The designated implementation and compliance review managers must notify the NTM through the appropriate chains of command of any facilities that require removal from the EFL.
+
+(4)  The NTM will consolidate the DoD Components' notifications into a summary report of DoD applications of the NSE to the proposed EFL.  The NTM will then provide the findings to the Subgroup on IAEA Safeguards in the United States with a copy to the USD(A&S), the USD(P), and the Chairman of the Joint Chiefs of Staff.
+
+(5)  Before the proposed EFL is transmitted to Congress for its approval and subsequent transmittal to the IAEA, the NTM will notify the DOS and responsible departments and agencies of the facilities that the DoD requires to be excluded under the NSE.
+
+(6)  Interagency issues related to application of the NSE to a proposed eligible facility by the DoD will be addressed in accordance with DoDD 2060.01 and the IAEA Agreement.
+
+b.  Applying the NSE Under IAEA Safeguards Due to a Change in Circumstances.  At any time, a DoD Component may determine that a change in operations, acquisitions, threats, vulnerabilities, security requirements, or other circumstances requires the NSE promptly be applied to a facility on the EFL to prevent IAEA access to any activity or associated facility of direct national security significance.  This change in circumstances may require the facility, including those already under IAEA safeguards, to be removed from the EFL for a defined time period or indefinitely.
+
+(1)  The DoD Component implementation and compliance review manager, or designated representative, must notify the NTM through the appropriate chain of command of the requirement to apply the NSE due to a change in circumstances, specifying the facility or facilities to be removed and the date or dates required for removal.
+
+(2)  The NTM must promptly review this requirement and submit it to the USD(A&S)
+with copies to the USD(P) and the Chairman of the Joint Chiefs of Staff.
+
+(3)  The NTM will promptly notify the DOS and the U.S. lead agency responsible for the eligible facility subject to the DoD application of the NSE based on a change in circumstances to prevent IAEA access under the provisions of the IAEA Agreement.
+
+(4)  DoD will address interagency issues related to a change in circumstances and the application of the NSE to facilities on the EFL in accordance with the National Security Presidential Directive (NSPD) 57.
+
+3.3.  APPLYING THE NSE UNDER THE AP.  DoD will apply the NSE to exclude IAEA
+access under the AP to all current and former DoD locations, sites, and facilities as well as associated information and activities of direct national security significance.  This includes DoD-
+owned or -leased spaces, structures, facilities, installations, or land, as well as all DoD-funded programs, activities, or information associated with military, national security, or homeland defense, including but not limited to:  operations and training; intelligence; materiel production, maintenance, and supply; research, development, test and evaluation; and infrastructure and personnel.
+
+a.  Timely DoD Assessments and Application of the NSE.  The following situations require timely DoD assessments and application of the NSE where appropriate:
+(1)  During reviews of periodic data calls and proposed updates to the AP Declaration, but before such updates are submitted for Congressional approval (see Section 4 for periodic reporting requirements).
+
+(2)  Whenever a change in circumstances requires prompt action by DoD to exclude a proposed declaration from the AP Declaration to avoid compromising the security of a defense equity.
+
+(3)  Whenever IAEA complementary access, even with managed access by a U.S. host team, would result in IAEA access to a current or former DoD location, site, or facility or associated information or activities of direct national security significance.  In accordance with the NSPD 57 and the Senate Resolution of Ratification,  DoD must also define the necessary requirements and develop procedures for managing access at or near locations of the DoD equities excluded under the NSE.
+
+b.  Applying the NSE Under the AP During Data Calls for Potential AP Declarations.
+DoD will not declare any activity under the AP, explicitly applying the NSE as needed.  In addition, NSPD 57 designates DoD as one of the U.S. lead agencies responsible for ensuring that no classified information is provided to the IAEA, and that proliferation-sensitive and commercially sensitive and proprietary information is protected to the fullest extent permitted by law.  To mitigate potential compromise of classified or sensitive defense equities by the other departments and agencies, the DoD is required to review all potential AP Declarations and to apply the NSE as instructed here.
+
+(1)  The NTM will coordinate and facilitate DoD review of data collected by the DOE, the NRC, the DOC, or other organizations responsible for collecting, preparing, or reporting such declarations.  The NTM will monitor these declaration processes; request, receive, and verify necessary information from these departments or agencies; and disseminate that information to the DoD Components in a timely, secure manner for action.
+
+(2)  DoD Components will promptly review and assess the information collected from government departments and agencies, public or private institutions, or commercial businesses and identify those potential declarations that could include classified or other sensitive information related to their DoD equities.  DoD Components must make this initial assessment based on their specific operations and acquisition security requirements and coordinated military guidance, as well as those DoD security and countermeasures policies implemented in accordance with DoDD 2060.01.  DoD Components may request additional information from the NTM, the responsible U.S. lead agency, or the declaring entity to support their assessments.
+
+(3)  DoD Components must approve potential declarations not associated with a location, site, or facility, or related information or activity, of direct security significance to DoD.
+
+(4)  DoD Components must identify potential declarations determined to involve a location, site, or facility or related information or activity of direct national security significance and report those potential declarations to the NTM for exclusion from reporting.
+
+(5)  If essential information required to make this determination for any facility is not available during this review, the potential declaration will be excluded from reporting until such time that the required information is available and a determination can be made.
+
+(6)  DoD Components' designated implementation and compliance review managers will notify the NTM of the potential declarations to be excluded within 60 calendar days of receiving the initial information from the NTM.  This notification specifies that the NSE is needed either to mitigate IAEA access to a DoD equity or because the information provided is inadequate to determine if the potential declaration may compromise a classified or sensitive defense equity, or both.  Those potential declarations not identified for exclusion will be approved by the DoD
+Component and reported to the NTM.
+
+(7)  The NTM must verify the required exclusions and coordinate requests for additional information to resolve uncertainties, if required.  The NTM will consolidate the DoD
+Components' exclusion requirements after receiving written notifications from all DoD Components that their necessary reviews are complete.  The NTM must ensure that the DoD review of the data call is complete and submit the list of all required exclusions to the DOC with copies to the USD(A&S), the USD(P), and the Chairman of the Joint Chiefs of Staff.
+
+(8)  Issues related to these exclusions by the DoD must be addressed in accordance with DoDD 2060.01 and NSPD 57.
+
+c.  Applying NSE Under the AP During the Review of Periodic Updates to the AP
+Declaration.  DoD will review information from periodic data calls and proposed updates to the AP Declaration.  DoD Components will complete these periodic reviews and apply the NSE
+before any proposed updates to the AP Declaration are submitted to Congress for approval and subsequent transmittal to the IAEA.
+
+(1)  The NTM must monitor, request, and receive information from periodic data calls by U.S. lead agencies.  The NTM must verify this information with the responsible U.S. lead agencies, as necessary, and will promptly disseminate it to DoD Components.
+
+(2)  DoD Components will review proposed updates to the AP Declaration and identify those facilities that must be excluded from the list to prevent IAEA access under the AP to any location, site, or facility or associated information or activity of direct national security significance.  Each DoD Component must make this determination according to its specific security requirements as described in the introductory paragraph of this section.  If the information required to make this determination for any declaration is not available during this review, then the DoD Component will notify the NTM that the declaration will be excluded under the NSE from the AP Declaration until such time that the required information is available and a determination can be made.
+
+(3)  DoD Component implementation and compliance review manager must notify the NTM through the appropriate chain of command of those proposed declarations to be excluded under the NSE.  DoD Components must also notify the NTM that they have completed any necessary operations security and information security reviews and security vulnerability assessments and have updated requirements and procedures for managed access as well as security and counterintelligence training related to the proposed declaration or update.
+
+(4)  If a DoD Component identifies a previous declaration that requires elimination under the NSE, the DoD Component implementation and compliance review manager should notify the NTM of the requirement for exclusion of that declaration from the AP Declaration.
+
+(5)  The NTM will consolidate DoD Components' notifications into a summary report to document the relevant DoD NSE requirements.  This report will be compiled and reviewed by the NTM with copies sent to the USD(P) and the Chairman of the Joint Chiefs of Staff.  The NTM must record DoD exclusions to the proposed update and notify the DOC and the U.S. lead agencies responsible for the proposed updates of DoD exclusions, as necessary.  The NTM must also verify that the NSE has been applied by the responsible U.S. lead agencies, as required. Conflicts related to the use of the NSE by DoD will be addressed in accordance with DoDD 2060.01 and NSPD 57.
+
+d.  Applying the NSE to a Declared Activity Under the AP Due to a Change in Circumstances.  At any time, a DoD Component may determine that the NSE must be applied to an activity already included in the AP Declaration because of a change in operations, acquisitions, threats, vulnerabilities, security policies or requirements, or other circumstances in order to prevent IAEA access to a location, site, or facility or associated information or activity of direct national security significance.  This change in circumstances may require that the declared activity be excluded for a defined time period or indefinitely.  Some circumstances may also require that a declared activity be removed from the AP Declaration.
+
+(1)  The DoD Component will notify the NTM through the appropriate chain of command of the requirement to apply the NSE, specifying the declared activity to be excluded as well as the dates, or duration, the NSE is required.
+
+(2)  The NTM will review this requirement with the DoD Component and representatives of the USD(P) and the Chairman of the Joint Chiefs of Staff; document the requirement to apply the NSE in the DoD consolidated summary report; and forward the requirement to the USD(P) and the Chairman of the Joint Chiefs of Staff.
+
+(3)  The NTM will notify the DOS and the U.S. lead agencies with jurisdiction over the declaration (or other Federal officials) that DoD is applying the NSE to the declared activity.
+
+(4)  Issues related to DoD application of the NSE will be addressed in accordance with DoDD 2060.01 and NSPD 57.
+
+e.  Applying the NSE Under the AP During Complementary Access.  DoD will apply the NSE to exclude IAEA complementary access under the AP to current or former DoD-owned or - leased locations, sites, and facilities as well as associated information and activities of direct national security significance.  DoD will also apply the NSE to exclude any other activity, location, or information during complementary access where, even with managed access by a U.S. host team, an inspection would result in IAEA access to a current or former DoD location, site, or facility or associated information or activities of direct national security significance.
+
+(1)  In accordance with NSPD 57 and the Senate Resolution of Ratification, DoD
+Components must define the requirements and develop procedures necessary for managing access at or near locations of their equities excluded under the NSE.
+
+(2)  DoD host team members will coordinate the managed access requirements of the affected DoD Component with the host team leader and the NTM.  DoD host team members will also monitor the development and implementation of the inspection plan for IAEA
+complementary access and ensure that IAEA inspector activities do not compromise the DoD NSE or managed access requirements.
+
+(3)  As required and practical, DoD host team members must communicate potential managed access issues from the affected DoD Component or Components to the NTM and the Chairman of the Joint Chiefs of Staff and seek to address the IAEA's requirements through other means.  Where or when DoD host team members are advised or independently determine that managed access will not prevent IAEA access as required, they will withhold consensus within the host team, exercise the DoD right to request an NSE of the affected activity, and elevate the decision to the appropriate forum for disposition.
+
+(4)  Time permitting, DoD will address issues related to the application of the NSE in accordance with DoDD 2060.01 and NSPD 57.  In the case that treaty timelines do not allow for formal resolution of issues related to the application of the NSE, DoD host team members must, by default, apply the NSE until such time as the conflict can be resolved.
+
+## Section 4:  U.S.-Iaea Ap Reporting Requirements Section 1: General Issuance Information
+
+4.1.  REPORTING PERIODS.  Table 1 lists the required reporting periods for the United States to provide its annual AP Declaration updates to the IAEA.  These reporting periods establish the frequency of the periodic reviews and associated application of the NSE by DoD.
+
+Reporting to the IAEA
+Declarations1
+Annual Update of the AP Declaration2
+May 15 of each year
+Declaration of Imports and Exports of
+May 15 of each year
+Nuclear Material
+Declaration of Exports
+Quarterly, to be provided within 60 days of
+(Annex 2 equipment and non-nuclear
+the end of each quarter
+materials) Declaration of Nuclear Waste
+180 days before processing is carried out; annual update by May 15 of each year
+Declaration for Safeguards Effectiveness
+United States and IAEA to establish timing
+and Efficiency
+and frequency Within 60 days of the agency's request
+Declaration of Imports3
+(Annex 2 equipment and non-nuclear materials)
+
+1The IAEA will have access to all declared
+locations.
+2The annual update of the AP Declaration is under
+Article 3(b) of the AP.
+3The Declaration of Imports is under Article 3(g)
+the AP. Since this Declaration of Imports would be
+used by the IAEA to verify another nation's declaration of its exports to the United States, the
+IAEA could request complementary access to the
+U.S. activity.
+
+4.2.  DECLARABLE ACTIVITIES.  The AP Declarations are made in accordance with Article
+3, Paragraphs (b)-(g) of the AP, and included the following declarable activities specified under Article 2:
+a.  Nuclear fuel cycle-related research and development activities not involving nuclear material carried out anywhere that are funded, specifically authorized, or controlled by or carried out on behalf of the U.S. Government (pursuant to Subparagraph 2(a)(i) of the AP).
+
+b.  Design information for a site (pursuant to Subparagraph 2(a)(iii) of the AP).
+
+c.  Scale of operations for each location engaged in Annex 1 activities (assembly or manufacture of nuclear and nuclear-related equipment (pursuant to Subparagraph 2(a)(iv) of the AP).
+
+d.  Mines and concentration plants (pursuant to Subparagraph 2(a)(v) of the AP).
+
+e.  Information, including quantity, chemical composition, and use or intended use (both nuclear and non-nuclear), for source material that has not reached the composition and purity suitable for fuel fabrication or for being isotopically enriched.  This must be declared for each location in the United States where inventory is greater than 10 metric tons of uranium and/or 20 metric tons of thorium, as well as for other locations with quantities of more than 1 metric ton; or the aggregate for the United States as a whole if the aggregate exceeds 10 metric tons of uranium or 20 metric tons of thorium (pursuant to Subparagraph 2(a)(vi)(a) of the AP).
+
+f.  Nuclear material exempt from safeguards under Articles 37 or 36(b) of the IAEA
+Agreement.
+
+g.  General plans for the next 10 years of development of the nuclear fuel cycle, when approved by U.S. officials (pursuant to Subparagraph 2(a)(x) of the AP).
+
+h.  Research and development not involving nuclear material specifically related to enrichment or the reprocessing of nuclear fuel or waste carried out anywhere in the United States but not funded, specifically authorized, controlled by, or carried out on behalf of the United States (pursuant to Subparagraph 2(b)(i) of the AP).
+
+## Glossary G.1.  Acronyms.
+
+| AP       | Additional Protocol                                        |
+|----------|------------------------------------------------------------|
+|          |                                                            |
+| CRG      | compliance review group                                    |
+|          |                                                            |
+| DOC      | Department of Commerce                                     |
+| DoDD     | DoD Directive                                              |
+| DOE      | Department of Energy                                       |
+| DOS      | Department of State                                        |
+|          |                                                            |
+| EFL      | eligible facilities list                                   |
+|          |                                                            |
+| IAEA     | International Atomic Energy Agency                         |
+|          |                                                            |
+| NRC      | Nuclear Regulatory Commission                              |
+| NSC      | National Security Council                                  |
+| NSE      | national security exclusion                                |
+| NSPD     | National Security Presidential Directive                   |
+| NTM      | Nuclear Treaty Manager                                     |
+|          |                                                            |
+| USD(A&S) | Under Secretary of Defense for Acquisition and Sustainment |
+| USD(P)   | Under Secretary of Defense for Policy                      |
+
+G.2.  DEFINITIONS.  Unless otherwise noted, these terms and their definitions are for the purpose of this issuance.
+activities of direct national security significance.  Any current or former DoD Component activity associated with military, national security, or homeland defense capability or intent including but not limited to:  operations and training; intelligence; materiel production, maintenance, and supply; research, development, test, and evaluation; and infrastructure support, manning, or readiness.
+
+AP Declaration.  A list of those peaceful nuclear or nuclear-related activities disclosed by the United States to the IAEA for verification, pursuant to Article 2 of the AP.  The IAEA may request complementary access to verify the completeness or correctness of declared activities.
+
+at or near.  With regard to IAEA access, the proximity (or relative position, space, or time) of DoD locations, sites, and facilities as well as associated information and activities with direct national security significance to an eligible or potentially eligible facility under the IAEA Agreement; or a declared or potentially declarable activity under the AP.
+
+information associated with activities of direct national security significance.  Any unclassified or classified information (including data, text, drawings, or graphics) that is communicated or recorded in any form (including hardcopy, electronic or softcopy, oral, or as imagery, signals, or materials) related to national security or homeland defense, including but not limited to:  military operations or training; intelligence; materiel production, maintenance, or supply; research, development, test, or evaluation; infrastructure or personnel.
+
+locations, sites, and facilities as well as associated information and activities with direct national security significance.  Any current or former DoD-owned, -leased, -funded, or -used space, structure, facility, installation, or land occupied by, or associated with, national security or homeland defense, including but not limited to:  military operations or training; intelligence; materiel production, maintenance, or supply; research, development, test, or evaluation; infrastructure or personnel.
+
+EFL.  The list of facilities containing special fissionable material, or nuclear source material, that the United States makes eligible for IAEA safeguards pursuant to Article 1(b) of the IAEA Agreement.  A facility is subject to IAEA safeguards when selected from the list by the IAEA.
+
+host team.  The group of designated U.S. Government representatives responsible for accompanying and negotiating with the IAEA inspection team during a complementary access visit under the AP.
+
+IAEA inspection with complementary access.  The exercise of the IAEA's access rights as set forth in Articles 4 to 6 of the AP.  Access provided by the United States to IAEA inspectors in accordance with the provisions of the AP will be:
+To assure the absence of undeclared nuclear material and activities at sites, mines, concentration plants, and other locations where nuclear material has been declared.
+
+To resolve a question on the correctness or completeness of the information provided by the United States pursuant to Article 2 of the AP, or to resolve an inconsistency relating to that information.
+
+To confirm, for IAEA safeguards purposes, the decommissioned status of a facility where nuclear material was customarily used.
+
+IAEA safeguards.  The combination of the IAEA Agreement (U.S. Voluntary Offer Agreement).
+
+inspector activities.  Those activities described in Article 6 of the AP. managed access.  Procedures outlined in the Subsidiary Arrangement to the Protocol Additional to the IAEA Agreement to avoid compromise of national security, proprietary, or proliferationsensitive business information, or safety requirements while facilitating IAEA access to activities, locations, or information relevant to demonstrating U.S. compliance with integrated safeguards.
+
+NSE.  The unilateral right of any U.S. lead agency with national security equities to exclude the IAEA from access to locations, sites, or facilities, or associated information or activities, of direct national security significance (IAEA Agreement  AP, and NSPD 57).
+
+nuclear treaty manager.  A nuclear treaty manager for oversight of implementation and compliance for each existing and prospective arms control agreement covered by DoDD 2060.01.
+
+security vulnerability assessment.  Assessments conducted by DoD pursuant to Section 8001
+of Title 22, United States Code, to determine the risk of exposure of DoD locations, sites, or facilities, or associated information or activities, of direct national security significance to IAEA inspectors during an inspection under the AP.
+
+U.S. lead agencies.  Those executive agencies designated in NSPD 57 as having jurisdiction over locations of declarable activities and/or national security equities as well as responsibility for implementation of the AP's requirements to provide information or declarations to the IAEA and/or to arrange for and provide complementary access.  The U.S. lead agencies are the Departments of Energy, Defense, Commerce, and State; the Central Intelligence Agency; and the Nuclear Regulatory Commission.
+
+
+
+## References
+
+Agreement Between the United States of America and the International Atomic Energy
+Agency for the Application of Safeguards in the United States, December 9, 1980
+DoD Directive 2060.01, "Implementation of, and Compliance with, Arms Control
+Agreements," January 9, 2001, as amended
+DoD Directive 5134.01, "Under Secretary of Defense for Acquisition, Technology, and
+Logistics (USD(AT&L))," December 9, 2005, as amended
+DoD Directive 5205.07, "Special Access Program (SAP) Policy," July 1, 2010, as amended DoD Manual 5205.07, Volume 1, "DoD Special Access Program (SAP) Security Manual:
+General Procedures," June 18, 2015, as amended
+DoD Instruction 5205.11, "Management, Administration, and Oversight of DoD Special
+Access Programs (SAPs)," February 6, 2013, as amended
+DoD Manual 8910.01, Volume 1, "DoD Information Collections Manual: Procedures for
+DoD Internal Information Collections," June 30, 2014, as amended
+National Security Presidential Directive 57, "United States Implementation of the
+Additional Protocol to the U.S. - IAEA Safeguards Agreement (U)," February 4, 2008
+Protocol Additional to the Agreement Between the United States of America and the
+International Atomic Energy Agency for the Application of Safeguards in the United States of America, June 12, 1998
+Deputy Secretary of Defense Memorandum, "Establishment of the Office of the Under
+Secretary of Defense for Research Engineering and the Office of the Under Secretary of
+Defense for Acquisition and Sustainment," July 13, 2018
+Senate Resolution of Ratification, Congressional Record [Pages: S3511-S3512], "Protocol
+to the Agreement of the International Atomic Energy Agency Regarding Safeguards in the United States, with 2 Conditions and 8 Understandings," March 31, 2004
+Subsidiary Arrangement to the Protocol Additional to the Agreement Between the United
+States of America and the International Atomic Energy Agency for the Application of Safeguards in the United States of America, July 12, 1998
+United States Code, Title 22

markdown/dod/i3200_12.md

@@ -0,0 +1,468 @@
+## Department Of Defense Instruction
+
+#
+
+NUMBER 3200.12
+August 22, 2013
+Incorporating Change 3, Effective December 17, 2018
+
+USD(R&E) SUBJECT: DoD Scientific and Technical Information Program (STIP)
+
+References: See Enclosure 1
+1.  PURPOSE.  This instruction, in accordance with the authority in Section 133a of Title 10
+United States Code (U.S.C.) (Reference (a)), DoD Directive (DoDD) 5134.01 (Reference (ar)), and July 13, 2018, Deputy Secretary of the Memorandum (Reference (as)): a.  Reissues DoDD 3200.12 (Reference (b)) as a DoD instruction (DoDI) to establish policy, assign responsibilities, and prescribe procedures to carry out the DoD STIP consistent with the national science and technology policy and priorities described in section 6602 of Title 42, U.S.C. (Reference (c)).
+
+
+b.  Incorporates and cancels Directive-type Memorandum 17-002 (Reference (d)).
+
+2.  APPLICABILITY.  This instruction:
+a.  Applies to:
+
+(1)  OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD
+Components"). (2)  Science and technology programs consisting of basic research, applied research, and advanced technology development programs, which are identified as budget activities (BA) 1, 2, and 3, respectively, in Volume 2A, Chapter 1 of DoD 7000 14-R (Reference (e)).
+
+b.  Does not apply to:
+
+(1)  DoD programs involving day-to-day operations the warfighter uses unless required for scientific and technical analysis.
+
+
+(2)  DoD scientific and technical information the intelligence community produces.
+
+
+(3)  Signals intelligence and communications security information as defined in DoDI
+O-3115.07 and DoDI 8523.01 (References (f) and (g)).
+
+3.  POLICY.  It is DoD policy that:
+a.  The DoD sustains a coordinated program to manage scientific and technical information created or acquired in the execution of research and engineering activities specified in paragraph 2.a.(2).  This program, referred to as the STIP:
+
+
+(1)  Implements a systematic interchange of scientific data and technological findings developed under DoD programs in accordance with the provisions of Reference (c).
+
+
+(2)  Maximizes resources and eliminates duplication of effort by thorough reuse of DoD
+research, development, test, and evaluation investments and assets.
+
+
+(3)  Facilitates rapid technology development, to meet critical warfighter capability needs through the systematic interchange, of useful scientific findings.
+
+
+(4)  Promotes communication and collaboration among DoD scientists, engineers, acquisition professionals, other federal agencies, and academic, private sector, and international partners.
+
+
+(5)  Makes publicly releasable peer-reviewed scholarly publications arising from research and programs funded wholly or in part by DoD available to the public.
+
+(6)  Establishes requirements and responsibilities to ensure that:
+
+(a)  Scientific and technical information (STI) is a key outcome and record of the research and engineering (R&E) work conducted. (b)  DoD STI is appropriately identified, disseminated, preserved, and accessible to policy makers, the scientific community, and the public within the boundaries of laws, regulations, Executive orders, other requirements, and program needs and resources. (c)  Each project effort includes a data management plan (DMP) in order to document the decision process for preserving data for potential reuse and the cost of recreating the data.
+
+b.  The acquisition, documentation, and dissemination of DoD STI is:
+
+(1)  In accordance with this instruction, DoDD 8000.01 (Reference (h)), and Volume 1 of DoD Manual 3200.14 (Reference (i)).
+
+
+(2)  Controlled in accordance with:
+(a)  DoDI 5200.01 (Reference (j)).
+
+(b)  DoDIs 5200.39, 5230.27, 5200.44, 5230.24, 5230.29, 8582.01, and 2040.02
+(References (k) through (q)). (c)  DoDDs 5205.02E, 5230.09, 5230.11, 5230.25, and 5400.11 (References (r)
+through (v)). (d)  DoDD 5400.07 (Reference (w)). (e)  National Security Decision Directive 189 (Reference (x)).
+
+
+(f)  Executive Orders 13526 and 13556 (References (y) and (z)). (g)  Subparts 203, 227, and 252 of Title 48, Code of Federal Regulations (CFR)
+(Reference (aa)). (h)  Parts 120-130 of Title 22, CFR, also known as the "International Traffic in Arms Regulations," (Reference (ab)).
+
+
+(i)  Parts 730-774 of Title 15, CFR, also known as the "Export Administration Regulations" (Reference (ac)).
+
+
+
+4.  RESPONSIBILITIES.  See Enclosure 2. 5.  PROCEDURES.  See Enclosure 3.
+
+
+6.  RELEASABILITY.  This instruction is available on the Directives Division Website at http://www.esd.whs.mil/DD/. 7.  SUMMARY OF CHANGE 3.  The changes to this issuance amend policy directing public access to publically releasable peer-reviewed scholarly publications, require projects to include DMPs, and update procedures to gain access to federally funded scientific research results.
+Additionally, Directive-type Memorandum 17-002 is incorporated and canceled.  Terminology, organizational titles, and references were also updated for accuracy.
+
+8.  EFFECTIVE DATE.  This instruction is effective August 22, 2013.
+
+
+
+Frank Kendall Under Secretary of Defense for Acquisition, Technology, and Logistics Enclosures
+1.  References
+
+2.  Responsibilities
+
+3.  Procedures Glossary
+
+## Enclosure 1 References
+
+(a)
+Title 10, United States Code
+(b)
+DoD Directive 3200.12, "DoD Scientific and Technical Information (STI) Program
+(STIP)," February 11, 1998 (hereby cancelled)
+(c)
+Title 42, United States Code
+(d)
+Directive-type Memorandum 17-002, "Public Access to the Results of DoD Intramural
+Basic Research Published in Peer Reviewed Scholarly Publications," January 10, 2017
+(hereby cancelled)
+(e)
+DoD 7000.14-R, "Department of Defense Financial Management Regulations (FMRs),"
+Volumes 1-15, date varies per volume
+(f)
+DoD Instruction O-3115.07, "Signals Intelligence (SIGINT)," September 15, 2008, as
+amended
+(g)
+DoD Instruction 8523.01, "Communications Security (COMSEC)," April 22, 2008
+(h)
+DoD Directive 8000.01, "Management of the Department of Defense Information
+Enterprise," March 12, 2016, as amended
+(i)
+DoD Manual 3200.14, Volume 1, "Principles and Operational Parameters of the DoD
+Scientific and Technical Information Program (STIP):  General Processes," March 14, 2014
+(j)
+DoD Instruction 5200.01, "DoD Information Security Program and Protection of Sensitive
+Compartmented Information (SCI)," April 21, 2016
+(k)
+DoD Instruction 5200.39, "Critical Program Information (CPI) Identification and
+Protection Within Research, Development, Test, and Evaluation (RDT&E)," May 28, 2015, as amended
+(l)
+DoD Instruction 5230.27, "Presentation of DoD-Related Scientific and Technical Papers at
+Meetings," November 16, 2016, as amended
+(m) DoD Instruction 5200.44, "Protection of Mission Critical Functions to Achieve Trusted
+Systems and Networks (TSN)," November 5, 2012, as amended
+(n)
+DoD Instruction 5230.24, "Distribution Statements on Technical Documents," August 23,
+2012, as amended
+(o)
+DoD Instruction 5230.29, "Security and Policy Review of DoD Information for Public
+Release," August 13, 2014, as amended
+(p)
+DoD Instruction 8582.01, "Security of Unclassified DoD Information on Non-DoD
+Information Systems," June 6, 2012, as amended
+(q)
+DoD Instruction 2040.02, "International Transfers of Technology, Articles, and Services,"
+March 27, 2014, as amended
+(r)
+DoD Directive 5205.02E, "DoD Operations Security (OPSEC) Program," June 20, 2012
+(s)
+DoD Directive 5230.09, "Clearance of DoD Information for Public Release," August 22,
+2008, as amended
+(t)
+DoD Directive 5230.11, "Disclosure of Classified Military Information to Foreign
+Governments and International Organizations," June 16, 1992
+(u)
+DoD Directive 5230.25, "Withholding of Unclassified Technical Data from Public
+Disclosure," November 6, 1984, as amended
+(v)
+DoD Directive 5400.11, "DoD Privacy Program," October 29, 2014
+(w) DoD Directive 5400.07, "DoD Freedom of Information Act (FOIA) Program," January 2,
+2008
+(x)
+National Security Decision Directive (NSDD) 189, "National Policy on the Transfer of
+Scientific, Technical, and Engineering Information," September 21, 1985
+(y)
+Executive Order 13526, "Classified National Security Information," December 29, 2009
+(z)
+Executive Order 13556, "Controlled Unclassified Information," November 4, 2010
+(aa) Title 48, Code of Federal Regulations (ab) Title 22, Code of Federal Regulations (ac) Title 15, Code of Federal Regulations (ad) Public Law 103-62, "Government Performance Results Act of 1993," August 3, 1993 (ae) Public Law 107347, "E-Government Act of 2002," December 17, 2002 (af) DoD Instruction 3200.20, "Scientific and Engineering Integrity," July 26, 2012
+(ag) DoD Directive 5105.73, "Defense Technical Information Center (DTIC)," May 2, 2013
+(ah) DoD Manual 5200.01, "DoD Information Security Program" February 24, 2012, as
+amended
+(ai) DoD Instruction 5015.02, "DoD Records Management Program," February 24, 2015, as
+amended
+(aj) DoD Instruction 3204.01, "Independent Research and Development (IR&D) and Bid and
+Proposal (B&P) Program," August 20, 2014
+(ak) DoD Instruction 5535.8, "DoD Technology Transfer (T2) Program," May 14, 1999 (al) DoD Instruction 8500.01, "Cybersecurity," March 14, 2014 (am) Chairman of the Joint Chiefs of Staff Instruction 6510.01F, "Information Assurance (IA)
+and Support to Computer Network Defense (CND)," February 9, 2011
+(an) DoD Instruction 4000.19, "Support Agreements," April 25, 2013
+(ao) DoD Directive 5122.05, "Assistant to the Secretary of Defense for Public Affairs
+(ATSD(PA))," August 7, 2017
+(ap) DoD Instruction 2030.08, "Implementation of Trade Security Controls (TSCs) for Transfers
+of DoD Personal Property to Parties Outside DoD Control," February 19, 2015
+(aq) Title 5, United States Code
+(ar) DoD Directive 5134.01, "Under Secretary of Defense for Acquisition, Technology, and
+Logistics (USD(AT&L))," December 9, 2005, as amended
+(as) Deputy Secretary of Defense Memorandum, "Establishment of the Office of the Under
+Secretary of Defense for Research Engineering and the Office of the Under Secretary of Defense for Acquisition and Sustainment," July 13, 2018
+
+## Enclosure 2 Responsibilities
+
+1. DIRECTOR OF DEFENSE RESEARCH AND ENGINEERING FOR RESEARCH AND TECHNOLOGY (DDRE(R&T)).  Under the authority, direction, and control of the Under Secretary of Defense for Research and Engineering (USD(R&E)), the DDRE(R&T):
+
+a. Monitors compliance with this instruction and Reference (i).
+b. Provides leadership and policy direction for the management of the DoD STIP.
+c. Provides policy and guidance for the operation and management of defense industry information and the DoD technology transfer program.
+
+d. Maintains oversight of the Information Analysis Center (IAC) program.
+e. Approves or disapproves all proposals by the Heads of the DoD Components to establish or disestablish an IAC or make major changes in an IAC's scope or subject area.
+
+f. Approves service charges DoD technical information dissemination activities collect in a manner consistent with volume 11A, chapter 4, appendix 2 of Reference (e).
+g. Develops, manages, and implements policy to ensure public access to scholarly publications through the Defense Technical Information Center (DTIC) databases.
+
+h. Develops, manages, and implements policy to ensure each project effort will include a DMP.
+
+## 2. Dod Component Heads.  The Dod Component Heads:
+
+a. Ensure that STIP matters in their respective areas are consistent with the policy in this instruction and in Reference (i).
+
+b. Designate a senior-level STI director or manager at the Military Department or the Defense Agency staff level who serves as the single, authoritative point of contact for managing and overseeing STIP matters.
+
+c. Integrate STIP objectives into strategic plans, program plans, management, contract administration, and oversight activities consistent with Public Law (PL) 103-62 (Reference (ad)) and this instruction.
+
+d. Conduct preliminary and periodic searches of research in progress and completed research to define the technology baseline, avoid duplication of effort, and justify investment, before beginning or continuing a technical effort.
+
+e. Report to the Defense Technical Information Center (DTIC), as prescribed by section
+207(g) of PL 107347 (Reference (ae)), R&E data at the performer level including, but not limited to, the entity performing the task, performance dates, funding, and technical summary for:
+
+(1) BA 1 - Basic research (2) BA 2 - Applied research
+(3) BA 3 - Advanced technology development
+f. Adhere to scientific and engineering ethics to assure the integrity of DoD-sponsored research pursuant to DoDI 3200.20 (Reference (af)).
+
+g. Ensure that all results, regardless of outcome, of DoD R&E and studies efforts sponsored in whole or in part by the DoD, are documented and sent to the DTIC in accordance with DoDD 5105.73 (Reference (ag)).
+
+(1) Components ensure that the DoD or extramural organization responsible for each research effort submits to DTIC, STI data that documents the effort to enable others to understand the purpose, scope, approach, results or outcomes, and conclusions or recommendations.  The organization may submit any combination of technical reports, technical papers, journal articles, or other types of STI data.
+
+(2) The organization must submit STI data that are primary sources of the information.
+
+Merely providing citations to where the information may be found is not sufficient to meet this requirement.
+
+(3)
+DoD Component heads, or their designees, will ensure that all publicly releasable peer-reviewed scholarly publications arising from research and programs funded, wholly or in part, by DoD are available to the public through the DTIC databases.
+
+(4) DoD Component heads or their designees will establish guidelines on management and format of DMPs for research projects under their responsibility.  A copy of the DMP should be submitted to DTIC at the start of the research project.
+
+(5) The STI contains a summary of work accomplished, which includes negative and positive results and describes:
+
+(a) Theoretical studies.
+(b) Experimental work.
+(c) Mechanical design.
+(d) Theory of operation. (e) Test procedures.
+(f) Test results.
+(g) Drawings, charts, graphs, illustrations, or other material needed to clarify the presentation.
+
+(6) The STI must contain sufficient detail to allow the methods to be replicated and the results compared.
+
+h. Determine primary and secondary distribution of STI and apply markings in accordance with Volume 2 of DoDM 5200.01 (Reference (ah)), References (n), (s) through (u), and References (v) and (w).
+
+i. Expedite information and technology transfer within the DoD and to the general public, by presenting STI in an unclassified, unlimited form, in accordance with clearance procedures and within the limits of law, government data rights, and national security requirements.
+
+j. Certify eligibility for access to DoD technical information for all non-DoD users based on the determination that the user has a legitimate business relationship with the DoD, and that the scope of the relationship would authorize access to such technical information.  DoD personnel who certify access for non-DoD users have the technical competence and familiarity with the user's needs and intended use for the information to determine that such transactions are in the best interest of the DoD and in accordance with References (q), (t), (u), other applicable policies and references in section 3.b.(2) of this instruction, and the Security and Controls Procedures at Enclosure 3 of this instruction.  Promptly report to DTIC any changes of certification status such as contract termination, revisions to contracts and grants concerning levels of access or completion dates, and changes of address or organization names.
+
+k. Ensure that all records are maintained and managed in accordance with National Archives and Records Administration's approved dispositions to ensure proper maintenance, use, accessibility, and preservation, regardless of format or medium as directed by DoDI 5015.02 (Reference (ai)). 3. ADMINISTRATOR, DTIC.  Under the authority, direction, and control of the USD(R&E), through the DDRE(R&T), the Administrator, DTIC:
+a. Collects, indexes, catalogs, and provides storage for STI obtained from DoD Components and their contractors, non-DoD domestic sources and foreign sources.
+
+b.  Operates a comprehensive preservation program to ensure availability of legacy STI.
+
+c.  Maintains and operates centralized databases of technical and management-related information describing the content and scope of R&E programs, in accordance with DoDI 3204.01 and DoDI 5535.8 (References (aj) and (ak)).
+
+d.  Maintains information management systems and web-based databases to enable full use of DoD-funded STI.  Provides a suite of web products and services for publicly releasable STI as well as systems to manage protected categories of STI in accordance with control or distribution markings including export control.
+
+e.  Provides staff support to DDRE(R&T), on DoD STIP policy formulation, including development and maintenance of References (i), (l), (n), and (u).
+
+f.  Disseminates DoD STI internally to the DoD and other Federal Government agencies including the legislative and judicial branches, in accordance with Reference (h).
+
+g.  Disseminates DoD STI to government contractors, grantees, other governments (local, State, or foreign) where a DoD Component activity has an established legitimate business relationship; when the STI falls within the scope of that relationship; and when the STI is disseminated in accordance with References (q), (t), (u), the Security and Controls Procedures at Enclosure 3 of this instruction, and other applicable policies and references.
+
+
+
+h.  Ensures effective access to and reliable preservation of DoD scholarly publications.
+
+
+
+i.  Maintains an online search engine for metadata and full text of peer-reviewed scholarly publications in the form of either the author's final peer-reviewed manuscript or the publisher's final copy (as provided by the publishers or authors) for public access and download after a 12 month embargo period, if applicable.  This system will provide metadata and abstracts for such publications in a way that is open and readable, and the metadata will be linked to the manuscript or published article.
+
+
+
+j.  Collects and preserves DMPs submitted by researchers.  The DMPs will be protected at the DoD only level.
+
+k.  Ensures that all applicable security requirements are addressed, in accordance with DoDI
+8500.01 (Reference (al)).
+
+l.  Ensures that provisions for input, access, and retrieval are in accordance with the computer security requirements of Chairman of the Joint Chiefs of Staff Instruction 6510.01F (Reference
+(am)).
+
+
+m.  Operates and maintains a DoD-wide certification and registration system.  Maintains a central authority file of certified and approved users.
+
+
+n.  Provides coordination, planning, and integration of DoD-funded IACs.  Establishes and sustains a comprehensive IAC program in support of DoD and federal science and technology programs.
+
+
+o.  Supports program-specific STI management efforts through support and inter-service agreements, in accordance with DoDI 4000.19 (Reference (an)).
+
+p.  Sustains a science and technology collaboration and networking environment to enhance information sharing across the department and with industry partners.
+
+q.  Provides training on the principles and procedures of the DoD STIP.
+
+
+
+## Enclosure 3 Procedures
+
+ 1.  STIP OVERVIEW
+a.  The STIP operates as a coordinated structure of decentralized activities with overall policy direction and oversight vested in USD(R&E).  Its purpose is to ensure that STI is appropriately managed to enable scientific knowledge and technological innovations to be fully accessible to the research community, industry, the military operational community, and the general public within the boundaries of law, regulation, other directives and executive requirements.
+
+
+b.  The DoD STIP consists of many elements that facilitate and contribute to the acquisition, production, reproduction, and distribution of intellectual property.  Additionally, selected STIP functions provide support to the management of selected Defense acquisition programs and the DoD studies program.
+
+c.  Activities such as DTIC, the IACs, DoD databases, and technical libraries function as repositories, custodians, and secondary distribution activities that maximize the return on investment in R&E and studies.
+
+d.  Applicable plans and resources are applied to preserve essential STI when organizational realignments, consolidations, and program cancellations eliminate the STI holdings of such activities.
+
+e.  The DTIC provides centralized operation of specific STIP functions such as access and dissemination of STI and database and reference services; sustains a collaboration and networking environment to enhance information sharing among scientists, engineers, and the operational community; and provides direct information system and database support in coordinating the overall STIP.
+
+f.  A principal objective of the STIP is to improve the scope and effectiveness of collecting, processing, distributing, and applying STI.  The STIP applies the latest available technologies and provides for maximum participation and compatibility among the information programs of DoD Components, other federal agencies, the private sector, and international partners. 2.  PUBLIC RELEASE OF STI
+a.  All policies and procedures governing the distribution of STI to the public are subject to review and approval by the Washington Headquarters Services Defense Office of Prepublication and Security Review or component public affairs personnel in accordance with Reference (s).
+
+
+
+b.  Official DoD documents including, but not limited to, audio-visual materials or press releases which meet the criteria in DoDD 5122.05 (Reference (ao)), are approved for public release by the Assistant to the Secretary of Defense for Public Affairs.
+
+
+3.  PUBLIC ACCESS TO THE RESULTS OF DOD-FUNDED RESEARCH
+a.  In accordance with Reference (af), the DoD will maximize the free flow of scientific and engineering information developed by or for DoD to the public.
+
+b.  Publicly releasable results of research arising directly from DoD funding and published in peer-reviewed publications must be stored for long-term preservation and publicly accessible to search, retrieve, and analyze in ways that maximize the impact and accountability of the DoD's research investment.  Final peer reviewed manuscripts or final published documents must be available for reading, download, and analysis in digital form after a 12-month post-publication embargo period.
+
+c.  Data management planning should be an integral part of research planning.  The responsible component will submit a copy of a document describing this plan to DTIC at the start of the research project.  Generally, the data management plan will not exceed 2 pages.  It will conform to a format established by the relevant research discipline or such other format that meets the requirements of the responsible component, including, but not limited to:
+
+(1)  The types of data, software, and other materials to be produced.
+
+
+
+(2)  How the data will be acquired.
+
+(3)  Time and location of data acquisition, if scientifically pertinent.
+
+(4)  How the data will be processed.
+
+(5)  The file formats and the naming conventions that will be used.
+
+(6)  A description of the quality assurance and quality control measures during collection,
+analysis, and processing.
+(7)  A description of dataset origin when existing data resources are used.
+
+(8)  A description of the standards to be used for data and metadata format and content.
+
+(9)  Appropriate timeframe for preservation.
+
+(10)  The plan may consider the balance between the relative value of data preservation and other factors such as the associated cost and administrative burden.  The plan will provide a justification for such decisions.
+
+
+
+(11)  A statement that the data cannot be made available to the public when there are national security or controlled unclassified information concerns (e.g., "This data cannot be cleared for public release in accordance with the requirements in DoD Directive 5230.09.") 4.  SECURITY AND CONTROLS
+a.  The overriding priority of the STIP is to ensure timely and effective exchange of all STI
+generated by, or needed in, the conduct of DoD R&E programs.  The publication and reporting of such information frequently requires security safeguards or specific limitations on access or distribution.
+
+b.  Effective coordination is necessary among the STIP and programs involving technical intelligence; information security management; foreign disclosure and other international technology transfer activities; intellectual property counsel; technical data management; and manpower, logistics, and acquisition systems.  This coordination ensures maximum compatibility, interchange of information, and avoidance of duplication of effort.
+
+
+c.  Every effort is made, under the limits of U.S. law, regulations, policy, and national security requirements, to prepare technical documents and other types of DoD STI in an unclassified, unlimited form and in accordance with established clearance procedures.  Such use of unclassified STI or of unclassified versions of DoD STI expedites information transfer in the DoD and to the national scientific and technical community.
+
+d.  STI is protected in the interest of national security, in accordance with References (y) and
+(j) or other statutory, regulatory, and policy provisions, including but not limited to References (k), (m), (n), (p), (q), (r), (u), (v), (w), and (z).
+
+
+
+e.  STIP processes support and incorporate DoD policy to prevent the unauthorized export or transfer of export-controlled technology and technical data, pursuant to parts 730-774 of Title 15, and parts 120-130 of Title 22, CFR (References (ac) and (ab)) and as specified in References (q),
+(u), and DoDI 2030.08 (Reference(ap)).
+
+f.  Proprietary data in which the DoD has less than unlimited rights is appropriately marked and protected pursuant to subsections 252.227-7013, 252.227-7014, 252.227-7015, and 252.227.7018 of Title 48, CFR (Reference (aa)).
+
+g.  Requests for records pursuant to section 552 of Title 5, U.S.C. (Reference (aq)) are processed in accordance with Reference (w).
+
+5.  STIP FUNCTIONS
+a.  A set of operational functions are required and are used to implement the policies and procedures of the DoD STIP.  The STIP functions involve recording and transferring STI from its generator or source to the ultimate user or beneficiary.  The STIP functions embrace a broad spectrum of activity from generation, publication, distribution, and storage, to access, assimilation, and analysis of STI.
+
+b.  STI functions include, but are not limited to:
+
+(1)  The preparation, management, preservation, and distribution of STI.
+
+
+(2)  The provision of STI services, including acquisition, archival functions, repositories, announcements, and various means of distribution, access, transmission, and analysis.
+
+
+(3)  The operation of data centers, IACs, technical libraries, and other information activities that collect, store, process, and provide document, data, or information services in direct support to information seekers or that act as intermediaries between the user and other STI
+functions.
+
+
+(4)  The implementation and operation of database services, including numeric, bibliographic, full-text, and management information databases, database processes and products, and the application of electronic and telecommunications techniques for data entry, storage, access, search, retrieval, and collaboration.
+
+
+(5)  The provision of information and decision-support systems and services for use in management of R&E programs.
+
+
+(6)  The operation of directory or reference services to identify and locate available STI
+and R&E capabilities and resources.
+
+
+(7)  The conduct and support of technical meetings and conferences.
+
+
+(8)  The provision of information exchange programs to facilitate transfer of technology from DoD R&E programs to civilian purposes.
+
+
+(9)  The operation of programs to effect exchange of DoD technical planning, requirements, and acquisition information across the DoD enterprise and with private sector organizations engaging in DoD programs.
+
+
+(10)  The study of, and experimentation with, new methods and techniques in handling STI and promoting the communication of new ideas or knowledge among scientists and engineers.
+
+
+(11)  The security aspects of information management to include systematic review, maintenance, and notification of classified and controlled unclassified information.
+
+
+(12)  The development and implementation of mechanisms and techniques to foster the awareness and use of STI resources, products, and services.
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+
+
+BA
+budget activity
+
+
+CFR
+Code of Federal Regulations
+
+
+DDRE(R&T) Director Defense Research and Engineering for Research and Technology DMP
+data management plan
+DoDD
+DoD Directive
+DoDI
+DoD Instruction
+DTIC
+Defense Technical Information Center
+
+
+IAC
+Information Analysis Center
+
+
+PL
+Public Law
+
+
+R&E
+research and engineering
+
+
+STI
+scientific and technical information
+STIP
+scientific and technical information program
+
+
+U.S.C.
+United States Code
+USD(R&E)
+Under Secretary of Defense for Research and Engineering
+
+## Part Ii.  Definitions
+
+
+Unless otherwise noted, these terms and their definitions are for the purpose of this instruction.
+
+
+data.  The digitally recorded factual material commonly accepted in the scientific community as necessary to validate research findings, including data sets used to support scholarly publications.  It includes any publicly releasable digital data, algorithms, or other information central to the conclusions of published peer-reviewed scientific research that would enable an individual skilled in the discipline to verify or replicate any major claim presented in the published scientific research.  This does not include laboratory notebooks, preliminary analyses, drafts of scientific papers, plans for future research, peer review reports, communications with colleagues, or physical objects. data management plan.  A document that describes which data generated through the course of the proposed research will be shared and preserved and how it will be done.  It may explain why data sharing or preservation is not possible or scientifically appropriate, or why the costs of sharing or preservation are incommensurate with the value of doing so. embargo period.  The time during which the publisher's final copy of the publication is not openly accessible. final peer-reviewed manuscript.  An author's final manuscript of a peer-reviewed paper accepted for journal publication, including all modifications from the peer-review process. final published article.  A publisher's authoritative copy of an article, including all modifications from the publishing peer-review process, copyediting, stylistic edits, and formatting changes. legitimate business relationship.  When the DoD determines that a need exists to acquire, share, exchange, or distribute DoD technical information to anyone other than a DoD government employee for supporting the DoD mission.  A legitimate business relationship may be established by any agreeable means such as a memorandum of understanding, agreement, contract, or grant.  The DoD has the sole responsibility for determining that a legitimate business relationship exists since the only purpose is to provide access to information created by, or under the control of, the DoD.  Such a relationship may be established with an individual or organization in another federal department or agency; contractors, grantees, potential DoD contractors; other branches of the federal government; State and local governments; and foreign countries. R&E.  Includes science and technology programs (consisting of basic research, applied research, and advanced technology development) programs, which are identified as BAs 1, 2, and 3 respectively, in Reference (e). STI.  Findings and technological innovations resulting from R&E efforts and science and technology work of scientists, researchers, and engineers, whether contractor, grantee, or federal staff.  STI also conveys the results of demonstration and commercial application activities as well as experiments, observations, simulations, studies, and analyses.  STI is found in many forms and formats including textual, graphical, numeric, multimedia, and digital data, technical reports, scientific and technical conference papers and presentations, theses and dissertations, scientific and technical computer software, journal articles, workshop reports, program documents, patents, and other forms or formats of technical data.  STI may be classified, controlled unclassified information (including export controlled or personally identifiable information), or unclassified publically releasable.  DoD-funded STI originates primarily from research and other activities performed by direct DoD-executed prime procurements, DoD-
+operated research activities, and financial assistance recipients, as well as DoD employees. STIP.  A coordinated program to identify, assemble, organize, and preserve the results of DoD- funded R&E and studies in a manner that supports accessibility to the broadest extent possible within the boundaries of law, regulation, directive, or executive requirement.

markdown/dod/i4140_66.md

@@ -0,0 +1,189 @@
+## Department Of Defense
+
+#
+
+## Instruction
+
+# Number 4140.66 September 7, 2010 Incorporating Change 1, May 24, 2017
+
+
+USD(P) SUBJECT: Registration and End-Use Monitoring of Defense Articles and/or Defense Services
+
+References: See Enclosure 1 1.  PURPOSE.  In accordance with the authority in DoD Directive 5111.1 (Reference (a)) and Deputy Secretary of Defense Memorandum (Reference (b)), this Instruction:
+a.  Reissues DoD Instruction 4140.66 (Reference (c)) to update policies, responsibilities, and procedures, in accordance with section 1228 of Public Law 110-181 and section 1225 of Public Law 111-84 (References (d) and (e), respectively), to certify the establishment of a registration and monitoring system for controlling the export and/or transfer of defense articles and/or defense services.
+
+b.  Designates the Director, Defense Security Cooperation Agency (DSCA), as the DoD lead agent responsible for:
+
+
+(1)  Managing and implementing the Department of Defense's Golden Sentry end-use monitoring (EUM) program.
+
+
+
+(2)  Developing, implementing, and providing oversight of the registration and monitoring policy, through EUM inspection and other means, pursuant to this Instruction.
+
+2.  APPLICABILITY.  This Instruction applies to:
+a.  OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (hereafter referred to collectively as the "DoD Components").
+
+b.  All DoD government-to-government transfers or exports of defense articles and/or defense services including those to the governments of Iraq, Afghanistan, and/or Pakistan and, in accordance with References (d); (e); section 644 of The Foreign Assistance Act of 1961, as amended, (Reference (f)); and The Arms Export Control Act of 1976, as amended (Reference
+(g)).
+
+
+3.  DEFINITIONS.  See Glossary. 4.  POLICY.  It is DoD policy that:
+a.  Defense articles and defense services are provided to Iraq, Afghanistan, and/or Pakistan through DoD government-to-government transfers when it is in the national security interests of the United States to do so, including in support of the conduct of effective overseas contingency operations.  DoD government-to-government transfers or exports of defense articles and/or defense services to the governments of Iraq, Afghanistan, and/or Pakistan and, in accordance with References (d) and (e), to other groups, organizations, citizens, or residents of Iraq, Afghanistan, and/or Pakistan shall be subject to regulation and monitoring, as provided in References (d) and (e).  References herein to Iraq, Afghanistan, and/or Pakistan are deemed to include other groups, organizations, citizens, or residents of those countries.
+
+b.  A registration and monitoring system to control transfers of defense articles and/or defense services described in References (d) and (e) shall be implemented pursuant to those references.
+
+5.  RESPONSIBILITIES.  See Enclosure 2. 6.  PROCEDURES.  See Enclosure 3. 7.  INFORMATION REQUIREMENTS.  The quarterly report referred to in paragraph 3.e. of Enclosure 2 has been assigned report control symbol RCS DD-POL(Q)2334 in accordance with DoD Manual 8910.1-M *the procedures in Volume 1 of DoD Manual 8910.01* (Reference (h)).
+The expiration date of this information collection is listed in the DoD Information Collections System at https://eitsdext.osd.mil/sites/dodiic/Pages/default.aspx.
+
+8.  RELEASABILITY.  UNLIMITED *Cleared for public release*.  This Instruction is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives. 9.  EFFECTIVE DATE.  This Instruction is effective immediately *September 7, 2010*.
+
+Enclosures
+1.  References
+
+2.  Responsibilities
+
+3.  Procedures for Certification of Registration and Monitoring Systems for Defense Articles
+and Defense Services Provided to Iraq, Afghanistan, and/or Pakistan
+Glossary
+
+## Enclosure 1 References
+
+ (a) DoD Directive 5111.1, "Under Secretary of Defense for Policy (USD(P)),"
+December 8, 1999
+
+(b) Deputy Secretary of Defense Memorandum, "Delegation of Authority," November 30,
+2006
+(c) DoD Instruction 4140.66, "Registration and Monitoring of Defense Articles," October 15,
+2009 (hereby cancelled)
+(d) Section 1228 of Public Law 110-181, "National Defense Authorization Act for Fiscal Year
+2008," January 28, 2008
+(e) Section 1225 of Public Law 111-84, "National Defense Authorization Act for Fiscal Year
+2010," October 28, 2009
+(f)
+Section 644 of the Foreign Assistance Act of 1961, as amended, (Section 2403 of title 22,
+United States Code)
+(g) The Arms Export Control Act of 1976, as amended, including Sections 3 and 40A of the
+Act (Chapter 39 of title 22, United States Code, including Section 2753 and 2785)
+(h) DoD Manual 8910.1-M, "Department of Defense Procedures for Management of
+Information Requirements," June 30, 1998 DoD Manual 8910.01, Volume 1, "DoD
+Information Collections:  Procedures for DoD Internal Information Collections," June 30, 2014, as amended
+(i)
+The Atomic Energy Act of 1954, as amended, (Section 2011 et seq, title 42, United States
+Code)
+(j)
+Part 121 of title 22, Code of Federal Regulations (also known as the "United States
+Munitions List")
+
+
+## Enclosure 2 Responsibilities
+
+ 1.  DIRECTOR, DSCA.  The Director, DSCA, under the authority, direction, and control of the Under Secretary of Defense for Policy, shall:
+a.  Manage and implement the DoD Golden Sentry EUM Program and establish EUM policy in accordance with section 2785 of title 22, United States Code (Reference (g)) and other authorities listed in this Instruction.
+
+b.  Ensure that DSCA, as the DoD lead agency, develops, implements, and enforces the defense articles and defense services registration and monitoring system, and prepares DoD
+submissions for the Secretary of Defense and/or the President certifying that DoD systems are compliant with this Instruction.
+
+c.  Develop guidance in collaboration with the DoD Components to ensure compliance with this Instruction.
+
+d.  Conduct a review of appropriate DoD Components to ensure consistent and proper implementation of the guidance and procedures prescribed in this Instruction.
+
+e.  Maintain liaison with the DoD Components that authorize the export or transfer of defense articles and/or defense services subject to the requirements of this Instruction.
+
+f.  Ensure that the Heads of the DoD Components who manage or administer programs that transfer or export defense articles and/or defense services subject to the requirements of this Instruction develop and implement the necessary procedures to comply with this Instruction. Component managers or administrators may include the Commander, United States Forces-Iraq (USF-I); the Commander, Combined Security Transition Command-Afghanistan (CSTC-A); the Commander, Office of Defense Representative, Pakistan (ODR-P); and follow-on commands under the authority, direction, and control of the Commander, United States Central Command (USCENTCOM) and through the Chairman of the Joint Chiefs of Staff.
+
+g.  Prepare and coordinate materials for the President or Secretary of Defense for certification to specified congressional committees of the establishment of programs as required by References (d) and (e).
+
+h.  Request and receive support from intelligence or counterintelligence agencies as necessary with respect to defense articles and defense services to be transferred to mitigate risk of illicit transfers or proliferation of military systems with sensitive technologies.
+
+i.  Ensure that any DoD Component that transfers defense articles and/or defense services to a foreign government, international organization, or any foreign entity or person pursuant to an authority other than References (d), (e), (f), and (g), either complies with end-use monitoring guidance issued by the DoD Golden Sentry EUM Program, or annually provides information to the DoD Golden Sentry EUM Program documenting an equivalent level of post-transfer EUM
+programmatic oversight.
+
+
+
+2.  COMMANDER, USCENTCOM.  The Commander, USCENTCOM, through the Chairman of the Joint Chiefs of Staff, and in addition to the responsibilities in section 3 of this enclosure, shall identify and commit the appropriate resources to ensure compliance with this Instruction. 3.  COMMANDER, USF-I; COMMANDER, CSTC-A; COMMANDER, ODR-P; COMMANDERS OF USCENTCOM FOLLOW-ON SUBORDINATE COMMANDS; AND THE HEADS OF THE DoD COMPONENTS.  The Commander, USF-I; the Commander, CSTC-A; the Commander, ODR-P; the commanders of follow-on commands under the authority, direction, and control of Commander, USCENTCOM; and the Heads of the DoD Components who manage or administer programs that transfer or export defense articles and/or defense services to Iraq, Afghanistan, and/or Pakistan shall:
+a.  Collaborate with the Director, DSCA, to develop and recommend updates to the policy in this Instruction.
+
+b.  Establish a registration and monitoring system for DoD government-to-government transfer or export of defense articles and/or defense services pursuant to the following transfer authorities:
+
+
+(1)  Iraq.  Reference (d) for the transfer of all defense articles under the Iraq Security Forces Fund or any other security assistance program.
+
+
+
+(2)  Afghanistan and Pakistan.  Reference (e) for the transfer of all defense articles and services pursuant to authorities other than the Arms Export Control Act or Foreign Assistance Act of 1961 and using funds made available to the Department of Defense including, but not limited to, funds made available pursuant to the Afghan Security Forces Fund and the Pakistan Counterinsurgency Fund.
+
+c.  Develop the necessary compliance plans and procedures to administer and maintain a comprehensive system of registration and monitoring of defense articles and/or defense services provided to Iraq, Afghanistan, and/or Pakistan, including maintaining auditable records sufficient to certify that the system complies with this Instruction.  These plans and procedures shall include the necessary steps to ensure certain requirements are completed:
+
+(1)  The registration of the serial numbers of all small arms (as defined in the Glossary) to be provided to the governments of Iraq, Afghanistan, and/or Pakistan and/or to other groups, organizations, citizens, or residents of Iraq, Afghanistan, and/or Pakistan.
+
+
+(2)  An EUM program of all lethal defense articles (as defined in the Glossary) to be provided to the governments of Iraq, Afghanistan, and/or Pakistan and/or to other groups, organizations, citizens, or residents of Iraq, Afghanistan, and/or Pakistan.  Monitoring will include at a minimum formal and informal site visits (at least one facility per quarter) to evaluate the security of weapons storage facilities and procedures for issuing and securing lethal defense articles.  Records of these visits shall be maintained and made available during DSCA
+evaluations.
+
+
+(3)  A detailed record of the origin, shipping, and distribution of all defense articles provided to the governments of Iraq, Afghanistan, and/or Pakistan, and/or to other groups, organizations, citizens, or residents of Iraq, Afghanistan, and/or Pakistan.
+
+d.  Provide the Director, DSCA, formal documentation through respective headquarters specifying the procedures that shall be implemented to ensure compliance with this Instruction.
+
+
+e.  Provide to DSCA and the Army Materiel Command's Logistics Support Activity a quarterly report (Small Arms/Lethal Items Transfer Report) with the quantities and types of all small arms and lethal items transferred to Iraq, Afghanistan, and/or Pakistan; submit these quarterly reports electronically on the last day of each quarter of the fiscal year.
+
+
+(1)  Programs that do not allow transfer or export of small arms or lethal defense articles are exempt from subparagraphs 2.a.(1) and 2.a.(2) of Enclosure 3 of this Instruction.
+
+
+(2)  In cases where no shipment is involved or the recipients within the governments of Iraq, Afghanistan, and/or Pakistan are responsible for removal and transportation of general defense articles, only a description of the origin and distribution must be captured in records.
+
+f.  Identify a point of contact to DSCA who shall be responsible to ensure compliance with this Instruction.
+
+## Enclosure 3 Procedures For Certification Of Registration And Monitoring Systems For Defense Articles And Defense Services Provided To Iraq, Afghanistan, And/Or Pakistan
+
+ 1.  NOTIFICATION
+a.  DSCA.  DSCA shall ensure that all responsible DoD Components have established procedures that meet the requirements of the registration and monitoring system prescribed by this Instruction.
+
+
+b.  DoD Components.  Each DoD Component point of contact shall identify to the Director, DSCA, all DoD government-to-government transfers or exports of defense articles and/or defense services to Iraq, Afghanistan, and/or Pakistan. 2.  INFORMATION SUBMISSION.  Each DoD Component identified by DSCA shall assemble and provide on a quarterly basis to the Director, DSCA, a complete submission with the following mandatory elements:
+a.  Transfer Authority.  A detailed description of its transfer authority and certification that a registration and monitoring system in accordance with this Instruction has been implemented, including:
+
+(1)  The registration of the serial numbers of all small arms transferred in accordance with References (d) and (e).
+
+
+(2)  EUM of lethal defense articles transferred in accordance with References (d) and (e).
+
+
+(3)  Its process for keeping records of the origin, shipping, and distribution of all defense articles and defense services in accordance with References (d) and (e).
+
+
+b.  Validation Procedure.  A detailed description of the validation procedure used by the DoD
+Component to assess system compliance with this Instruction, including preparatory steps and conditions, actual validation steps, expected results, and criteria and protocols for recording actual results.
+
+c.  Compliance Assessment.  A thorough assessment of compliance as to each part of this Instruction.
+
+d.  Process Deficiencies.  For any system not fully compliant with this Instruction:
+
+(1)  A detailed description of system and process deficiencies and a plan whereby the DoD Component will ensure compliance on a schedule as directed by DSCA.
+
+
+(2)  If compliance cannot be ensured within the schedule established by DSCA, the impact on mission performance and national security if the DoD Component cannot provide defense articles and defense services to Iraq, Afghanistan, and/or Pakistan pursuant to this Instruction.
+
+
+e.  General Monitoring.  An assessment of compliance with sections 2753 and 2785 of Reference (g) as to general EUM.
+
+f.  Background Material.  Supporting background material, system test results, and any documentation deemed relevant by the DoD Component or DSCA.
+
+3.  CONTENT.  The content, format, and detail of system submissions shall be prescribed by DSCA.
+
+## Glossary Definitions
+
+ Unless otherwise noted, the following terms and their definitions are for the purpose of this Instruction. defense article.  Defense article:
+Includes:
+
+Any weapon, weapons system, munition, aircraft, vessel, boat, or other implement of war;
+
+Any property, installation, commodity, material, equipment, supply, or goods used for the purposes of furnishing military assistance;
+
+Any machinery, facility, tool, material supply, or other item necessary for the manufacture, production, processing, repair, servicing, storage, construction, transportation, operation, or use of any article listed in Reference (f);
+
+Any component or part of any article listed in Reference (f);
+Shall not include merchant vessels or, as defined by The Atomic Energy Act of 1954, as amended (Reference (i)), source material (except uranium depleted in the isotope 235 that is incorporated in defense articles solely to take advantage of high-density or pyrophoric characteristics unrelated to radioactivity), by-product material, special nuclear material, production facilities, utilization facilities, or atomic weapons or articles involving RD. defense service.  Includes any service, test, inspection repair, publication, or technical or other assistance or defense information used for the purposes of furnishing military assistance.  Does not include military education and training activities. lethal defense article.  Any defense articles provided to Iraq, Afghanistan, and/or Pakistan that are:  Munitions in Categories I and II of part 121 of title 22, Code of Federal Regulations (Reference (j)) (also known and referred to as the "United States Munitions List" (USML)), capable of firing or launching any ammunition, ordnance, or munitions in USML Categories III or IV.  Vessels, vehicles, or aircraft fitted with, or designed or modified to accommodate, any defense article described in this term.  Munitions in USML Category IV. small arms.  Defined in section 1228(e)(2) of Reference (d) and section 1225(d)(3) of Reference (e).

markdown/dod/i5040_05.md

@@ -0,0 +1,72 @@
+## Department Of Defense Instruction Subject:  Alteration Of Official Dod Imagery References: (A) Dod Directive 5040.05, "Alteration Of Official Dod Imagery," August 29, 1995 (Hereby Canceled)
+
+
+(b) Deputy Secretary of Defense Memorandum, "DoD Directives Review -
+
+
+Phase II," July 13, 2005
+
+(c) DoD Directive 5122.05, "Assistant Secretary of Defense for Public Affairs,"
+September 27, 2000
+
+## 1.  Reissuance And Purpose This Instruction:
+
+1.1.  Reissues Reference (a) as a DoD Instruction according to the guidance in Reference (b).
+
+1.2.  Establishes policy and assigns responsibilities to ensure the absolute credibility of official DoD imagery in and outside the Department of Defense under the authority of Reference (c).
+
+2.  APPLICABILITY AND SCOPE This Instruction applies to the Office of the Secretary of Defense (OSD), the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities in the Department of Defense (hereafter referred to collectively as the "DoD Components").
+
+3.  DEFINITION
+
+Official DoD Imagery.  All photographic and video images, regardless of the medium in which they are acquired, stored, or displayed, that are recorded or produced by persons acting for or on behalf of DoD activities, functions, or missions.
+
+4.  POLICY It is DoD policy that:
+4.1.  Official DoD imagery is an essential tool for decision-makers at every DoD level.
+
+
+4.2.  Mission success and the protection of lives and property depend on official DoD
+imagery being complete, timely, and above all, highly accurate.
+
+4.3.  Anything that weakens or casts doubt on the credibility of official DoD imagery in or outside the Department of Defense shall not be tolerated.
+
+4.4.  The alteration of official DoD imagery by persons acting for or on behalf of the Department of Defense is prohibited, except as follows:
+4.4.1.  Photographic techniques common to traditional darkrooms and digital imaging stations such as dodging, burning, color balancing, spotting, and contrast adjustment that are used to achieve the accurate recording of an event or object are not considered alterations.
+
+
+4.4.2.  Photographic and video image enhancement, exploitation, and simulation techniques used in support of unique cartography; topography; engineering; geodesy; intelligence; criminal investigation; medical; research, development, test & evaluation; scientific; and training requirements are authorized if they do not misrepresent the subject of the original image.
+
+4.4.3.  The obvious masking of portions of a photographic image in support of specific security, criminal investigation, privacy, or legal requirements is authorized.
+
+4.4.4.  The use of cropping, editing, or enlargement to selectively isolate, link, or display a portion of a photographic or video image is not considered alteration.  Cropping, editing, or image enlargement that has the effect of misrepresenting the facts or circumstances of the event or object as originally recorded is prohibited.
+
+4.4.5.  The digital conversion and compression of official DoD imagery is authorized.
+
+
+4.4.6.  Photographic and video post-production enhancement, including animation, digital simulation, graphics, and special effects, used for dramatic or narrative effect in education, recruiting, safety and training illustrations, publications, or productions is authorized under either of the conditions in subparagraph 4.4.6.1. or 4.4.6.2., below.
+
+4.4.6.1.  The enhancement does not misrepresent the subject of the original image; or,
+
+4.4.6.2.  It is clearly and readily apparent from the context or from the content of the image or accompanying text that the enhanced image is not intended to be an accurate representation of any actual event.
+
+5.  RESPONSIBILITIES
+
+5.1.  The Assistant Secretary of Defense for Public Affairs (ASD(PA)) shall:
+
+5.1.1.  In coordination with the other OSD Principal Staff Assistants, provide oversight policy and guidance to ensure the absolute credibility of official DoD imagery.
+
+5.1.2.  Monitor compliance of this Instruction.
+
+
+5.1.3.  Ensure compliance with this Instruction for those activities under the purview of the ASD(PA).
+
+5.2.  The Other OSD Principal Staff Assistants shall:
+
+5.2.1.  Maintain liaison with the ASD(PA) in maintaining oversight policy and guidance to ensure the absolute credibility of official DoD imagery.
+
+5.2.2.  Ensure compliance with this Instruction for those activities in their purview.
+
+
+5.3.  The Heads of the DoD Components shall ensure compliance with this Instruction for those activities in their purview.
+
+6.  EFFECTIVE DATE This Instruction is effective immediately.

markdown/dod/i5100_76.md

@@ -0,0 +1,222 @@
+## Department Of Defense Instruction
+
+NUMBER 5100.76
+February 28, 2014
+Incorporating Change 2, Effective October 19, 2020
+USD(I&S)
+SUBJECT: Safeguarding Sensitive Conventional Arms, Ammunition, and Explosives (AA&E) References: See Enclosure 1 1. PURPOSE.  This instruction  reissues DoD Instruction (DoDI) 5100.76 (Reference (a)), in accordance with the authority in DoD Directive (DoDD) 5143.01 (Reference (b)), to establish policy, assign responsibilities, and provide procedures for the formulation of uniform policy, standards, and guidance for the physical security of sensitive conventional AA&E, herein referred to as "AA&E," in the possession or custody of the DoD Components, DoD contractors, and under foreign military sales or security cooperation programs as outlined in Defense Security Cooperation Agency Manual 5105.38-M (Reference (c)). 2. APPLICABILITY.  This instruction applies to:
+a. OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD Components").
+
+b. Working groups and organizations formed to improve the oversight, management, control, safety, and security of AA&E throughout the DoD logistics chain as addressed in the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)) Memorandum (Reference (d)).
+
+c. The procurement, use, shipment, storage, inventory control, disposal by sale, or destruction of AA&E designated as Security Risk Categories (SRC) I-IV, as described and categorized in Reference (g).
+
+d. All DoD contracts for which performance depends on or affords access to DoD AA&E.
+
+e. The protection of AA&E for cooperative research, development agreements, and memorandums of agreement with other research partners and government agencies that involve furnished DoD AA&E.
+
+3. POLICY.  It is DoD policy that the security of AA&E is of the highest importance to the DoD.  If AA&E is compromised, sabotaged, stolen, misused or vulnerable to malicious mischief or acts of terrorism, subversion, criminal elements, or other acts of willful interference, it has the potential to jeopardize the safety and security of personnel, activities, missions, and installations worldwide.  Continuous program and policy oversight is required to ensure protection of AA&E within the DoD.
+
+## 4. Responsibilities.   See Enclosure 2.
+
+5. PROCEDURES. See Enclosure 3.
+
+6. RELEASABILITY.  **Cleared for public release.**  This instruction is available on the Directives Division Website at https://www.esd.whs.mil/DD/.
+
+7. SUMMARY OF CHANGE 2.  This administrative change updates:
+a. The title of the Under Secretary of Defense for Intelligence to the Under Secretary of Defense for Intelligence and Security in accordance with Public Law 116-92 (Reference (r)).
+
+b. Administrative changes in accordance with current standards of the Office of the Chief Management Officer of the Department of Defense. 8. EFFECTIVE DATE.  This instruction is effective February 28, 2014.
+
+Michael G. Vickers Under Secretary of Defense for Intelligence
+
+Enclosures
+1. References 2. Responsibilities 3. Procedures
+Glossary
+
+## Table Of Contents
+
+ENCLOSURE 1:  REFERENCES ........4
+ENCLOSURE 2:  RESPONSIBILITIES ........5
+UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE AND SECURITY
+(USD(I&S))........5
+DIRECTOR, DEFENSE INTELLIGENCE AGENCY (DIA) ........5
+DIRECTOR, DEFENSE SECURITY SERVICE (DSS) ........5
+USD(AT&L) ........6
+DoD COMPONENT HEADS........6
+ENCLOSURE 3:  PROCEDURES ........8
+GENERAL ........ 8
+TRANSFERS ........ 8 EXPLOSIVE SAFETY ........ 8
+GLOSSARY ........9
+PART I:  ABBREVIATIONS AND ACRONYMS ........9
+PART II:  DEFINITIONS ........9
+
+## Enclosure 1 References
+
+(a)
+DoD Instruction 5100.76, "Safeguarding Conventional Arms, Ammunition, and Explosives
+(AA&E)," May 20, 2010 (hereby cancelled)
+(b)
+DoD Directive 5143.01, "Under Secretary of Defense for Intelligence and Security
+(USD(I&S))," October 24, 2014, as amended
+(c)
+Defense Security Cooperation Agency Manual 5105.38-M, "Security Assistance
+Management Manual," current edition
+(d)
+Under Secretary of Defense for Acquisition, Technology, and Logistics Memorandum,
+"Department of Defense Strategic Plan for the Distribution of Arms, Ammunition and
+Explosives," May 2004
+(e)
+Defense Federal Acquisition Regulation Supplement (DFARS), Subpart 223.72,
+"Safeguarding Sensitive Conventional Arms, Ammunition, and Explosives," current edition
+(f)
+DoD Instruction 5230.29, "Security and Policy Review of DoD Information for Public
+Release," August 13, 2014, as amended
+(g)
+DoD Manual 5100.76, "Physical Security of Sensitive Conventional Arms, Ammunition,
+and Explosives," April 17, 2012
+(h)
+DoD Manual 4140.01, Volume 5, "DoD Supply Chain Materiel Management Procedures:
+Delivery of Materiel," February 10, 2014, as amended
+(i)
+DoD Instruction 6055.07, "Mishap Notification, Investigation, Reporting and Record
+Keeping," June 6, 2011, as amended
+(j)
+DoD 5200.08-R, "Physical Security Program," April 9, 2007, as amended
+(k)
+DoD Instruction 5010.40, "Managers' Internal Control Program Procedures,"
+May 30, 2013, as amended
+(l)
+DoD Instruction 2040.02, "International Transfers of Technology, Articles, and Services,"
+March 27, 2014, as amended
+(m)
+DoD Instruction 2030.08, "Implementation of Trade Security Controls (TSC) for Transfers of DoD Personal Property to Parties Outside DoD Control," February 19, 2015, as amended
+(n)
+DoD Directive 5230.20, "Visits and Assignments of Foreign Nationals," June 22, 2005
+(o)
+DoD Manual 6055.09, Volumes 1-8, "DoD Ammunition and Explosives Safety Standards,"
+February 29, 2008, as amended
+(p)
+DoD Instruction 6055.16, "Explosives Safety Management Program," July 29, 2008, as
+amended
+(q)
+Office of the Chairman of the Joint Chiefs of Staff, "DoD Dictionary of Military and
+Associated Terms," current edition
+(r)
+Public Law 116-92, "National Defense Authorization Act for Fiscal Year 2020,"
+December 20, 2019
+
+## Enclosure 2 Responsibilities
+
+1. UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE AND SECURITY (USD(I&S)).  The USD(I&S) as the senior DoD official with the authority and responsibility for the establishment of uniform DoD physical security policy (except for nuclear, chemical, and biological matters):
+a. Develops DoD guidance establishing the minimum security standards for safeguarding AA&E and facilities that maintain AA&E.
+
+b. Establishes policies, standards, and procedures governing the physical security of AA&E
+and their effective and uniform implementation.
+c. Coordinates the security of AA&E distribution and transportation with the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)). 2. DIRECTOR, DEFENSE INTELLIGENCE AGENCY (DIA).  Under the authority direction and control of USD(I&S the Director, DIA, must:
+a. Produce a multidisciplinary threat assessment triennially, or more frequently if required based on changes in assets or threat situations, foreign military conventional and special operations, foreign intelligence and security services, terrorism, criminal activity, information operations, sabotage, and proliferation threats related to AA&E.
+
+b. Coordinate with USD(I&S) for the distribution of threat assessments to DoD Components responsible for the protection of AA&E. 3. DIRECTOR, DEFENSE SECURITY SERVICE (DSS).  Under the authority, direction, and control of the USD(I&S), the Director, DSS, must:
+a. Conduct pre-award surveys and inspections of contractor-owned, contractor-operated
+(COCO) facilities that maintain AA&E when the DoD Component and DSS have agreed that DSS will assume cognizance of surveys and inspections through a memorandum of understanding.
+
+b. Verify safeguarding of AA&E relating to performance under DoD contracts and in the possession or custody of COCO facilities that maintain AA&E (DoD prime contractors or subcontractors) under DSS cognizance through an AA&E physical security inspection program.
+
+4. USD(AT&L).  The USD(AT&L) must:
+a. Maintain the Defense Federal Acquisition Regulation Supplement Subpart 233.72
+(Reference (e)) by identifying contractor compliance with Reference (g).  The contractor will comply with the requirements of Reference (g) as specified in the statement of work that sets forth the requirements and criteria for the physical security of AA&E.  The edition of Reference
+(g) in effect on the date of issuance of the solicitation for this contract will apply.
+
+b. Establish that the contractor in possession of or has custody of AA&E must allow DSS
+and other government representatives access to its facilities and records for the purpose of surveys, inspections, and investigations necessary to review compliance of applicable contracts and subcontracts with requirements to protect AA&E.
+
+## 5. Dod Component Heads.  Dod Component Heads Must:
+
+a. Oversee, within their respective Components, compliance with the policy established in this instruction to include planning and programming fiscal and personnel resources necessary to implement this instruction.
+b. Conduct pre-award surveys and inspections of government-owned, contractor-operated
+(GOCO) facilities that maintain AA&E.  Establish a memorandum of understanding with the Director, DSS, to assume and provide cognizance responsibility for GOCO facility surveys and inspections, if applicable, to ensure that AA&E is adequately safeguarded.
+
+c. Conduct pre-award surveys and inspections of COCO facilities that maintain AA&E.
+
+Establish memorandum of understanding with the Director, DSS, to assume and provide cognizance responsibility for COCO facility surveys and inspections, if applicable, to ensure that AA&E is adequately safeguarded.
+
+d. Coordinate public releases of the information pertaining to AA&E security incidents and issues with the Office of the Under Secretary of Intelligence (OUSD(I&S)), Defense Office of Prepublication and Security Review, Washington Headquarters Services in accordance with DoDI 5230.29 (Reference (f)).  Once information has been cleared for public release by the Office of Security Review, the DoD Component heads must coordinate with the Assistant to the Secretary of Defense for Public Affairs prior to release.
+e. Conduct a specific threat analysis and vulnerability assessment at each AA&E facility prior to its occupation, use, or major renovation.  The threat analysis and vulnerability assessment is updated annually or more frequently as new threats or vulnerabilities become known.  The vulnerability assessment must include specific threats, a capabilities-based threat assessment, physical security surveys and inspection, security measures, and results of security and response force exercises.
+
+f. Implement processes and procedures to assess and evaluate appropriate security measures for protecting AA&E based on continuous threat assessments, force protection condition levels, physical security surveys and inspection, and vulnerability assessments.  DoD Components will also use risk management principles for mitigating, reducing, or eliminating risks to the physical security of AA&E.
+
+g. Report AA&E that is lost, missing, or stolen to OUSD(I&S), Security Policy and Oversight Directorate in accordance with DoD 5100.76-M (Reference (g)).
+h. Develop and implement security plans and policies that include security measures designed to ensure all AA&E under their control is safeguarded against loss, theft, diversion, and unauthorized access or use.
+i. Require that contractual requirements provide for the protection of AA&E in accordance with Reference (c) and Reference (e).
+
+j. Establish procedures to clearly define methods and requirements for the accountability and control of AA&E in accordance with DoD 4140.1-R (Reference (h)).
+
+k. Accept AA&E shipments, at any time, for safe haven or after normal duty hours for secure hold as outlined in this instruction and Reference (g).
+
+l. Establish procedures and coordinated response plans for accidents or incidents involving AA&E that include memoranda of understanding or agreements with non-DoD Federal agencies in accordance with to DoDI 6055.07 (Reference (i)).
+m. Submit reports pertaining to mishaps involving AA&E in accordance with Reference (i).
+
+n. Maintain a program to record, review, and track approved waivers and deviations from minimum AA&E physical and transportation security standards prescribed in this instruction and Reference (g).
+
+## Enclosure 3 Procedures 1. General
+
+a. AA&E must be safeguarded against theft, loss, sabotage, damage, or unauthorized use in accordance with minimum standards outlined in Reference (g) and DoD 5200.08-R (Reference
+(j)).
+b. DoD installations must accept AA&E shipments for safe haven or secure hold regardless of arrival time or final destination.  If safe haven or secure hold cannot be provided, the DoD
+activity will provide, in coordination with civil law enforcement authorities, assistance and escort to a suitable location.  Protection of shipment will be commensurate with the sensitivity of the AA&E.  Under safe haven conditions or secure hold, explosive safety quantity distance requirements must be considered, but these requirements will not eliminate the responsibility to provide safe haven or secure hold to mitigate shipment vulnerability.
+c. Material weaknesses will be reported in accordance with DoDI 5010.40 (Reference (k)).
+
+## 2. Transfers
+
+a. Export control requirements for AA&E must be implemented in accordance with DoDI
+2040.02 (Reference (l)).
+
+b. Transfers of AA&E outside of DoD control must be implemented in accordance with DoDI 2030.08 (Reference (m)) to ensure compliance with U.S. laws and DoD policy related to transfers, including ultimate disposal or sale, of DoD personal property outside of DoD control.
+
+c. Visits and assignments with foreign nationals will be processed in accordance with DoDD
+5230.20 (Reference (n)).
+
+3. EXPLOSIVE SAFETY.  AA&E will be stored and transported in accordance with the explosive safety requirements in DoD 6055.09-M, Volumes 1-8 (Reference (o)).  Reference (o) and DoDI 6055.16 (Reference (p)), as implemented by the DoD Components heads, establish acceptable levels of protection for accidental explosions of AA&E.  The explosive safety and physical security of AA&E address hazards associated with unique events; therefore, they specify different levels of protection.  Compliance with both standards is required.  Where conflicts arise, the more stringent criteria will govern.
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+AA&E
+arms, ammunition, and explosives
+COCO
+contractor-owned, contractor-operated
+DIA
+Defense Intelligence Agency
+DoDD
+DoD Directive
+DoDI
+DoD Instruction
+DSS
+Defense Security Service
+GOCO
+government-owned, contractor-operated
+OUSD(I&S)
+Office of the Under Secretary of Defense for Intelligence and Security
+USD(AT&L)
+Under Secretary of Defense for Acquisition, Technology, and Logistics
+USD(I&S)
+Under Secretary of Defense for Intelligence and Security
+
+## Part Ii.  Definitions
+
+Unless otherwise noted, these terms and their definitions are for the purpose of this instruction.
+
+ammunition.  A device charged with explosive, propellants, and pyrotechnics, initiating composition, riot control agents, chemical herbicides, smoke, and flame for the use in connection with defense or offense, including demolition.  Excluded from this definition are devices charged with chemical agents, defined in DoD Dictionary of Military and Associated Terms (Reference (q)), and nuclear and biological material.  Ammunition including cartridges, projectiles, including missile rounds, grenades, mines, and pyrotechnics together with bullets, shot, and necessary primers, propellants, fuses, and detonators individually or having unit of issue, container, or package weight of 100 pounds or less.  Blank, inert training ammunition and rimfire ammunition are excluded.
+arms.  A weapon that will, or is designed to, expel a projectile or flame by the action of the explosive and the frame or receiver of any such weapon.
+
+exception.  An approved deviation from the minimum standards of this instruction and References (g) when those standards cannot be met.  When standards cannot be met, compensatory measures are required to provide security equivalent to the standards mandated therein.
+explosives.  Any chemical compound, mixture, or device, the primary or common purpose of which is to function by explosion.  The term includes, but is not limited to, individual land mines, demolition charges, blocks of explosives (dynamite, trinitrotoluene, C-4, and other high explosives), and other explosives consisting of 10 pounds or more; for example, gunpowder or nitroguanidine. force protection conditions.  A DoD-approved system standardizing the DoD's identification, recommended preventive actions, and responses to terrorist threats against U.S. personnel and facilities.  This system is the principal means for a commander to apply an operational decision on how to protect against terrorism and facilitates inter-Service coordination and support for antiterrorism activities. installation.  Real DoD properties including bases, stations, forts (including National Guard and Federal Reserve Centers), depots, arsenals, plants (both contractor and United States Government-operated), hospitals, terminals, and other special mission facilities, as well as those used primarily for military purposes.
+
+physical security inspection.  A formal recorded compliance of physical procedures and measures implemented by a unit or activity to protect its assets. physical security survey.  A formal recorded assessment of an installation physical security program. risk.  A measure of consequence of peril, hazard, or loss, which is incurred from a capable aggressor or the environment (the presence of a threat and unmitigated vulnerability).
+risk management.  As defined in Reference (q).
+
+safe haven.  On-installation parking for emergency situations such as, but not limited to, vehicle breakdown, driver illness, terrorist or criminal suspicious activity, civil disturbance, or natural disaster.
+
+security forces.  Includes armed personnel that can include DoD military and civilian security guards; police (including contract security personnel); and State, local, campus security officers. sensitive conventional AA&E.  Those conventional AA&E items designated as SRC I-IV, as described an categorized in Reference (g), which have the characteristics that require they be identified, accounted for, segregated, or handled in a special manner to ensure a high degree of protection and control.
+
+secure hold.  On-installation parking for after-hours AA&E arrivals during non-emergency circumstances.  Secure hold must meet constant surveillance requirements through either driver attended, installation security forces, or enclosed fenced area with monitored CCTV.
+threat analysis.  The continual process of compiling and examining all available information concerning the capability, activity, and intention of potential aggressors, which supports the deployment and degree of countermeasure requirements to address the perceived threat. threat assessment.  A resultant product of the defined process used to conduct a threat analysis and develop an evaluation of a potential threat.  It is the product of a threat analysis for a particular unit, installation, or activity. vulnerability assessment.  The comprehensive evaluation of an installation, facility, or, activities to determine preparedness to deter, withstand, or recover from the full range of adversarial capabilities based on the threat assessment, compliance with protective standards and risk management.

markdown/dod/i5200_08.md

@@ -0,0 +1,159 @@
+# Department Of Defense Instruction Number 5200.08 December 10, 2005 Incorporating Change 3, Effective November 20, 2015
+
+USD(I)
+
+ SUBJECT:  Security of DoD Installations and Resources and the DoD Physical Security Review
+
+Board (PSRB)
+
+References: (a) DoD Directive 5200.8, "Security of DoD Installations and Resources,"
+
+April 25, 1991 (hereby cancelled)
+
+(b) DoD Instruction 5025.01, "DoD Directives *Issuances* Program," September 26,
+2012 *June 6, 2014*, as amended
+
+(c) Section 797 of title 50, United States Code
+
+(d) DoD 5200.08-R, "Physical Security Program," April 9, 2007, as amended
+
+(e) DoD Directive 5143.01, "Under Secretary of Defense for Intelligence
+(USD(I))," November 23, 2005 *October 24, 2014, as amended*
+
+(f) Directive-type Memorandum 08-004, "Policy Guidance for DoD Access
+
+
+Control," April 29, 2008, as amended (hereby cancelled)
+
+(g) Section 1382 of title 18, United States Code
+
+(h) Federal Information Processing Standard Publication 201-2, "Personal Identity
+Verification (PIV) of Federal Employees and Contractors," August 2013
+
+(i) Office of Management and Budget Memorandum 11-11, "Continued
+Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors," February 3, 2011
+
+(j) DoD *Instruction* 5105.18, "DoD Intergovernmental and Intragovernmental
+Committee Management Program," *July 10, 2009, as amended*
+
+(k) Office of Management and Budget Memorandum 06-18, "Acquisition of
+Products and Services for Implementation of HSPD-12," June 30, 2006
+
+(l) National Institute of Standards and Technology Special Publication 800-96,
+"PIV Card to Reader Interoperability Guidelines," September 2006
+
+(m) National Institute of Standards and Technology Special Publication 800-73-3,
+"Interfaces for Personal Identity Verification Part 1: End-Point PIV Card Application Namespace, Data Model and Representation," February 2010
+
+(n) National Institute of Standards and Technology Special Publication 800-116, "A
+Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)," November 2008
+
+(o) Underwriters Laboratories Standard 1778, "Uninterruptible Power Supplies.,"
+September 15, 2005
+ 1.  REISSUANCE AND PURPOSE
+This Instruction:
+1.1.  Reissues reference (a) as a DoD Instruction according to the guidance in reference (b)
+and updates policy on the security of DoD installations and resources.
+
+1.2.  Authorizes commanders to issue regulations for the protection or security of property or places under their command, according to reference (c).
+
+1.3.  Continues to authorize the publication of reference (d) according to reference (e), to establish consistent minimum standards for protecting DoD installations and resources.
+
+
+1.4.  Incorporates and cancels Directive-type Memorandum 08-004 (reference (f)). 2.  APPLICABILITY This Instruction applies to the Office of the Secretary of Defense, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities in the Department of Defense (hereafter referred to collectively as the "DoD Components").  The term "commanders," as used in this Instruction, refers to personnel assigned to command positions at all levels and the heads of the Defense Agencies and DoD Field Activities. 3.  POLICY
+It is DoD policy that:
+3.1.  DoD installations, property, and personnel shall be protected and that applicable laws and regulations shall be enforced.
+
+3.2.  The authority of a DoD commander to take reasonably necessary and lawful measures to maintain law and order and to protect installation personnel and property:
+3.2.1.  Extends to temporarily established "National Defense Areas," in emergency situations, such as accident sites involving Federal equipment or personnel on official business.
+
+3.2.2.  Includes the removal from, or the denial of access to, an installation or site of individuals who threaten the orderly administration of the installation or site.
+
+
+3.2.3.  Shall not be exercised in an arbitrary, unpredictable, or discriminatory manner.
+Removal or denial actions must be based on reasonable grounds and be judiciously applied.
+
+3.2.4.  Permits prohibiting individuals from reentering an installation after they have been removed and ordered not to reenter under section 1382 of title 18, United States Code (reference (g)).  If this order is violated, the commander of a DoD installation may detain individuals not subject to military law until the civil authorities may respond.  Offenders may be appropriately prosecuted in accordance with the law.
+
+
+3.3.  Federal Government Personal Identity Verification (PIV) cards that are compliant with Federal Information Processing Standard Publication 201-2 (reference (h)) will be reciprocally accepted and used to facilitate physical access to controlled DoD assets, information, and facilities to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy pursuant to Office of Management and Budget Memorandum 11-11 (reference (i)).
+
+3.4.  Commanders at all levels have the responsibility and authority to enforce appropriate security measures to ensure the protection of DoD property and personnel assigned, attached, or subject to their control. 4.  RESPONSIBILITIES
+4.1.  The Under Secretary of Defense for Intelligence (USD(I)) will:
+
+4.1.1  Develop overall security policy including requirements for the DoD Physical Security Program.
+
+
+4.1.2  Form, administer, and manage the DoD PSRB.  Board membership and responsibilities are established in Enclosure 2 in accordance with DoDI 5105.18 (reference (j)).
+
+
+4.1.3.  Identify capabilities, requirements, and baseline standards for a comprehensive suite of hardware and software solutions to provide DoD Components the necessary tools to verify and authenticate the identities and manage physical access authorizations or denials for personnel entering their facilities.
+
+4.2.  The Secretaries of the Military Departments and the Heads of other DoD Components
+will:
+
+4.2.1  Establish policies and procedures to implement this Instruction, consistent with the policies and guidelines contained in enclosure 1.
+
+
+4.2.2  Support the DoD PSRB by providing the Board with information and assistance necessary for its assigned functions and by providing qualified personnel for task groups when requested by the Chair of the DoD PSRB.
+
+
+
+4.2.3.  Apply the guidance in 4.2.3.1 through 4.2.3.3 for procuring electronic access control equipment when purchasing upgrades to, and when replacing existing access control systems.  All systems must:
+
+
+4.2.3.1.  Meet the requirements of references (d),(i), and Office of Management and Budget Memorandum 06-18 (reference (k)).  Card readers must be able to read and use the contactless-chip as prescribed in the National Information Security Technology (NIST) Special Publication (SP) 800-96 (reference (l)) and perform PIV card, certificates, and cardholder validation as described in NIST SP 800-73-3 (or subsequent version) (reference (m)) and SP 800-116 (reference (n)).
+
+
+
+4.2.3.2.  Include an uninterruptible power supply as prescribed in Underwriters Laboratories Standard 1778 (reference (o)).
+
+
+
+4.2.3.3.  Have the ability to provide rapid electronic authentication in accordance with references (d), (h), and (i) to federal and DoD authoritative databases, including DoD personnel registered in the Defense Enrollment and Eligibility Reporting System.
+
+5.  RELEASABILITY.  UNLIMITED. *Cleared for public release.*  This Instruction is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives. 6.  EFFECTIVE DATE.  This Instruction: is effective December 10, 2005.
+
+6.1.  Is effective December 10, 2005. 6.2.  Must be reissued, cancelled, or certified current within 5 years of its publication to be considered current in accordance with reference (b).
+
+
+6.3.  Will expire effective December 10, 2015, and be removed from the DoD Issuances Website if it hasn't been reissued or cancelled in accordance with reference (b). Enclosures - 2 E1.  Guidelines on Security of DoD Installations and Resources E2.  DoD PSRB
+
+## E1.  Enclosure 1 Guidelines On Security Of Dod Installations And Resources
+
+E1.1.  GUIDELINES The following commanders shall issue the necessary regulations for the protection and security of property or places under their command, according to references (a, c, and d):
+E1.1.1.  The commanding officers of all military reservations, posts, camps, stations, or installations subject to the jurisdiction, the administration, or in the custody of the Department of the Army.
+
+
+
+E1.1.2.  The commanding officers of all naval ships or afloat units, commanders, or commanding officers of naval shore activities or installations, bases, camps, stations, and supply activities, subject to the jurisdiction, administration, or in the custody of the Department of the Navy.
+
+E1.1.3.  The commanders of major air commands, numbered air forces, wings, groups, or installations subject to the jurisdiction, the administration, or in the custody of the Department of the Air Force.
+
+E1.1.4.  The commanders of installations or activities subject to the jurisdiction, the administration, or in the custody of the Defense Agencies, DoD Field Activities, and other DoD organizational entities, or their separate operating activities.
+
+E1.1.5.  The commanders of installations or activities subject to the jurisdiction, the administration, or in the custody of the Commanders of the Combatant Commands, or the Chairman of the Joint Chiefs of Staff.
+
+
+E1.1.6.  The commanders/civilian directors in the chain of command or supervision immediately above an installation or activity not headed by a commander or civilian equivalent shall issue regulations or orders on the security of the installation or activity.  Where there is no commander or civilian equivalent in the chain of command supervision, necessary proposed regulations or orders shall be forwarded to the USD(I) for processing. E1.2.  COMMANDER PREPARATION Commanders shall prepare, clearly post, and enforce the security orders and regulations issued, and according to this Instruction and  law, as appropriate, to ensure the proper safeguarding of personnel, facilities, and property from loss, destruction, espionage, terrorism, or sabotage. E1.3.  PROMULGATING SECURITY REGULATIONS In promulgating security regulations, commanders shall comply with policies and procedures established by the Head of the DoD Component concerned with disseminating security regulations.  All security orders and regulations shall be submitted for review to ensure legal sufficiency by the servicing Judge Advocate or other legal advisor to the command.
+
+## E2.  Enclosure 2 Dod Psrb
+
+E2.1.  MEMBERSHIP The DoD PSRB shall be composed of:
+E2.1.1.  The Deputy Under Secretary of Defense for  Intelligence and Security
+(DUSD(I&S)), Office of the USD(I), who shall serve as the Chair. E2.1.2.  The Assistant Secretary of Defense for Logistics and Materiel Readiness.
+
+E2.1.3.  The Deputy Assistant Secretary of Defense for Reserve Affairs. E2.1.4.  The Deputy Assistant Secretaries or equivalent designated by each of the Secretaries of the Military Departments. E2.1.5.  Other employees of the Federal Government, or Service members, who may be designated by the USD(I). E2.2  THE CHAIR The Chair of the DoD PSRB shall:
+E2.2.1  Preside at DoD PSRB meetings or, when necessary, designate a DUSD(I&S) senior staff member to act as Chair.
+
+E2.2.2  Determine requirements and conduct the necessary staffing on matters referred to the DoD PSRB, and provide DUSD(I&S) and the DoD Components with current information and the status of actions on physical security matters within the PSRB's jurisdiction.
+
+E2.2.3  Establish and direct the activities of task groups formed to address specific physical security matters.
+
+E2.2.4  Establish liaison with other Government departments and agencies, including the Departments of State, Homeland Security, and Energy.
+
+E2.2.5  Perform other functions with regard to physical security, as assigned by the Secretary of Defense. E2.3  THE BOARD The DoD PSRB shall:
+E2.3.1  Determine the need for uniform policy, standards, and procedures for physical security and take steps to recommend them.
+
+
+E2.3.2  In collaboration with other DoD offices, survey and evaluate activities to determine compliance with security standards and procedures for the protection of installations and resources.

markdown/dod/i5200_44.md

@@ -0,0 +1,353 @@
+# Department Of Defense
+
+## Instruction
+
+# Number 5200.44
+
+November 5, 2012
+Incorporating Change 2, July 27, 2017
+
+DoD CIO/USD(AT&L) SUBJECT: Protection of Mission Critical Functions to Achieve Trusted Systems and Networks
+(TSN) References: See Enclosure 1
+1.  PURPOSE.  This Instruction, in accordance with the authorities in DoD Directive (DoDD) 5134.01 (Reference (a)) and DoDD 5144.02 (Reference (b)):
+a.  Establishes policy and assigns responsibilities to minimize the risk that DoD's warfighting mission capability will be impaired due to vulnerabilities in system design or sabotage or subversion of a system's mission critical functions or critical components, as defined in this Instruction, by foreign intelligence, terrorists, or other hostile elements.
+
+b.  Implements the DoD's TSN strategy, described in the Report on Trusted Defense Systems
+(Reference (c)) as the Strategy for Systems Assurance and Trustworthiness, through Program Protection and cybersecurity implementation to provide uncompromised weapons and information systems.  The TSN strategy integrates robust systems engineering, supply chain risk management (SCRM), security, counterintelligence, intelligence, cybersecurity, hardware and software assurance, and information systems security engineering disciplines to manage risks to system integrity and trust.
+
+c.  Incorporates and cancels Directive-Type Memorandum 09-016 (Reference (d)).
+
+d.  Directs actions in accordance with the SCRM implementation strategy of National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (Reference (e)), section 806 of Public Law 111-383 (Reference (f)), DoDD 5000.01 (Reference (g)), DoDI
+5000.02 (Reference (h)), DoDI 8500.01 (Reference (i)), Committee on National Security Systems Directive No. 505 (Reference (j)), and National Institute for Science and Technology Special Publication 800-161 (Reference (k)).
+
+2.  APPLICABILITY.  This Instruction applies to:
+a.  OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff
+(CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the "DoD
+Components").
+
+
+b. The United States Coast Guard.  The United States Coast Guard will adhere to DoD
+cybersecurity requirements, standards, and policies in this issuance in accordance with the direction in Paragraphs 4a, b, c, and d of the Memorandum of Agreement Between the Department of Defense and the Department of Homeland Security (Reference (z)).
+
+
+
+bc.  All DoD information systems and weapons systems that are or include systems described in subparagraphs 2.b.(1) through 2.b.(3) (hereinafter referred to collectively as "applicable systems"):
+
+
+(1)  National security systems as defined by section 3552 of title 44, United States Code
+(U.S.C.) (Reference (l)).  Although DoD's Non-classified Internet Protocol Router Network (NIPRNet) and its enclaves are considered national security systems in accordance with CJCS Instruction 6211.02D (Reference (m)), they are exempted from this instruction due to the need to prioritize use of limited TSN enterprise capabilities unless paragraph 2.b.(2) or 2.b.(3) applies;
+
+(2)  Any DoD system with a high impact level for any of the three security objectives
+(confidentiality, integrity, and availability) in accordance with the system categorization procedures in DoDI 8510.01 (Reference (n)); or
+
+(3)  Other DoD information systems that the DoD Component's acquisition executive or chief information officer, or designee, determines are critical to the direct fulfillment of military or intelligence missions, which may include some connections to or enclaves of NIPRNet and some industrial control systems..
+
+
+
+cd.  All mission critical functions and critical components within applicable systems identified through a criticality analysis, including spare or replacement parts.  For the purposes of this Instruction, only information and communications technology (ICT) components in applicable systems shall be considered for the processes described herein until this Applicability section is modified in accordance with Enclosure 2, paragraph 1.f. 3.  DEFINITIONS.  See Glossary. 4.  POLICY.  It is DoD policy that:
+a.  Mission critical functions and critical components within applicable systems shall be provided with assurance consistent with criticality of the system, and with their role within the system.
+
+b.  All-source intelligence analysis of suppliers of critical components shall be used to inform risk management decisions.
+
+
+
+c.  Risk to the trust in applicable systems shall be managed throughout the entire system lifecycle.  The application of risk management practices shall begin during the design of applicable systems and prior to the acquisition of critical components or their integration within applicable systems, whether acquired through a commodity purchase, system acquisition, or sustainment process.  Risk management shall include TSN process, tools, and techniques to:
+
+(1)  Reduce vulnerabilities in the system design through system security engineering.
+
+
+(2)  Control the quality, configuration, software patch management, and security of software, firmware, hardware, and systems throughout their lifecycles, including components or subcomponents from secondary sources.  Employ protections that manage risk in the supply chain for components or subcomponent products and services (e.g., integrated circuits, fieldprogrammable gate arrays (FPGA), printed circuit boards) when they are identifiable (to the supplier) as having a DoD end-use.
+
+
+(3)  Detect the occurrence of, reduce the likelihood of, and mitigate the consequences of unknowingly using products containing counterfeit components or malicious functions in accordance with DoDI 4140.67 (Reference (o)).
+
+
+
+(4)  Detect vulnerabilities within custom and commodity hardware and software through rigorous test and evaluation capabilities, including developmental, acceptance, and operational testing.
+
+
+(5)  Implement tailored acquisition strategies, contract tools, and procurement methods for critical components in applicable systems, to include covered procurement actions in accordance with Reference (f).
+
+
+
+(6)  Implement item unique identification (IUID) for national level traceability of critical components in accordance with DoDI 8320.04 (Reference (p)).
+
+
+
+d.  The identification of mission critical functions and critical components as well as TSN
+planning and implementation activities, including risk acceptance as appropriate, shall be documented in the Program Protection Plan (PPP) in accordance with Reference (h) and in relevant cybersecurity plans and documentation in accordance with Reference (i).
+
+
+e.  In applicable systems, integrated circuit-related products and services shall be procured from a trusted supplier using trusted processes accredited by the Defense Microelectronics Activity (DMEA) when they are custom-designed, custom-manufactured, or tailored for a specific DoD military end use (generally referred to as application-specific integrated circuits
+(ASIC)).
+
+5.  RESPONSIBILITIES.  See Enclosure 2.
+
+6.  RELEASABILITY.  **Cleared for public release.**  This Instruction is available on the DoD
+Issuances Website at http://www.dtic.mil/whs/directives on the Directives Division Website at http://www.esd.whs.mil/DD/.
+
+
+7.  EFFECTIVE DATE.  This Instruction is effective November 5, 2012. Teresa M. Takai
+
+
+Frank Kendall DoD Chief Information Officer
+
+
+Under Secretary of Defense
+
+
+
+for Acquisition, Technology, and Logistics
+
+Enclosures
+1.  References
+
+2.  Responsibilities Glossary
+
+## Enclosure 1 References
+
+
+(a)
+DoD Directive 5134.01, "Under Secretary of Defense for Acquisition, Technology, and
+Logistics (USD(AT&L))," December 9, 2005, as amended
+(b)
+DoD Directive 5144.02, "DoD Chief Information Officer (DoD CIO)," November 21, 2014
+(c)
+Report on Trusted Defense Systems in response to the National Defense Authorization Act
+for Fiscal Year 2009, December 22, 20091
+(d)
+Directive-Type Memorandum 09-016, "Supply Chain Risk Management (SCRM) to
+Improve the Integrity of Components Used in DoD Systems," March 25, 2010 (hereby cancelled)
+(e)
+National Security Presidential Directive 54/Homeland Security Presidential Directive 23,
+"Cybersecurity Policy," January 8, 20082
+(f)
+Section 806 of Public Law 111-383, "The National Defense Authorization Act for Fiscal Year 2011," January 7, 2011
+(g)
+DoD Directive 5000.01, "The Defense Acquisition System," May 12, 2003
+(h)
+DoD Instruction 5000.02, "Operation of the Defense Acquisition System," January 7, 2015, as amended
+(i)
+DoD Instruction 8500.01, "Cybersecurity," March 14, 2014
+(j)
+Committee on National Security Systems Directive No. 505, "Supply Chain Risk
+Management (SCRM)," March 7, 20123
+(k)
+National Institute for Science and Technology Special Publication 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations," April 2015
+(l)
+Section 3552, title 44, United States Code
+(m) Chairman of the Joint Chiefs of Staff Instruction 6211.02D, "Defense Information Systems
+Network (DISN) Responsibilities," January 24, 2012
+(n)
+DoD Instruction 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)," March 12, 2014*, as amended*
+(o)
+DoD Instruction 4140.67, "DoD Counterfeit Prevention Policy," April 26, 2013
+(p)
+DoD Instruction 8320.04, "Item Unique Identification (IUID) Standards for Tangible Personal Property," September 3, 2015
+ (q) Defense Federal Acquisition Regulation Supplement, current edition4
+(r)
+Defense Acquisition Guidebook, current edition5
+(s)
+Section 937 of Public Law 113-66, "The National Defense Authorization Act for Fiscal Year 2014," December 26, 2013
+(t)
+Policy Memorandum 15-001 - Joint Federated Assurance Center (JFAC) Charter, February
+9, 20156
+(u)
+DoD Instruction O-5240.24, "Counterintelligence (CI) Activities Supporting Research, Development, and Acquisition (RDA)," June 8, 2011, as amended
+(v)
+Supply Chain Risk Management (SCRM) Program Office, Trusted Mission Systems and Networks Directorate, "Key Practices and Implementation Guide for the DoD
+Comprehensive National Cybersecurity Initiative 11 - Supply Chain Risk Management
+Pilot Program," February 25, 20107
+(w) Section 11101 of title 40, United States Code
+(x)
+Committee on National Security Systems Instruction No. 4009, "Committee on National
+Security Systems (CNSS) Glossary," April 6, 20158
+(y) DoD 5240.1-R, "Procedures Governing the Activities of DoD Intelligence Components
+That Affect United States Persons," December 1, 1982
+(y) DoD Manual 5240.01, "Procedures Governing the Conduct of DoD Intelligence
+Activities," August 8, 2016
+(z)    Memorandum of Agreement between the Department of Defense and The Department of
+Homeland Security Regarding Department of Defense and U.S. Coast Guard Cooperation
+on Cybersecurity and Cyberspace Operations, January 19, 20179
+
+## Enclosure 2 Responsibilities
+
+ 1.  UNDER SECRETARY OF DEFENSE FOR AQUISITION,TECHNOLOGY, AND LOGISTICS (USD(AT&L).  The USD(AT&L), in accordance with Reference (a), shall:
+a.  In coordination with the DoD Chief Information Officer (CIO), oversee the implementation of this Instruction and issue supporting guidance as necessary.
+
+b.  Coordinate with the DoD CIO and the Heads of the DoD Components to develop TSN
+requirements, best practices, and mitigations.  Develop guidance for identification and protection of mission critical functions and critical components, develop programming recommendations for TSN, align DoD TSN enterprise resources (e.g., test and evaluation, training), and develop TSN training for appropriate DoD Components and contractor personnel.
+
+c.  In coordination with the DoD CIO and the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CHCSS), advance the state of the art in assurance tools, techniques, and methods for creating and identifying non-cryptologic software and hardware that is free from exploitable vulnerabilities and malicious intent.
+
+d.  In coordination with the DoD CIO and the Heads of the DoD Components, integrate the identification and protection of mission critical functions and critical components into system engineering, acquisition, logistics, and materiel readiness policies to ensure implementation of TSN concepts in technology demonstration or other research projects, defense acquisition programs, commodity purchases, operations and maintenance activities, and end-of-life disposal procedures.
+
+e.  In coordination with the DoD CIO, incorporate TSN concepts and the authorities in Reference (f) into the Defense Federal Acquisition Regulation Supplement (Reference (q)), Defense Acquisition Guidebook (Reference (r)), and solicitation and contract language.
+
+f.  In coordination with the DoD CIO, the Under Secretary of Defense for Intelligence
+(USD(I)), and the Heads of the DoD Components, evaluate the feasibility and usefulness of applying the processes that are described for critical ICT components for applicable systems in accordance with this Instruction to non-ICT components that are critical to DoD weapons and information systems and issue policy as appropriate.  In the event that demand for threat assessments exceeds resources, establish, in coordination with the DoD CIO, the USD(I), and the Heads of the DoD Components, the prioritization for threat assessment support.
+
+g.  In coordination with the DoD CIO, the Director, Defense Intelligence Agency (DIA), and the Heads of the DoD Components, develop a strategy for managing risk in the supply chain for integrated circuit-related products and services (e.g., FPGAs, printed circuit boards) that are identifiable to the supplier as specifically created or modified for DoD (e.g., military temperature range, radiation hardened).
+
+
+
+h.  In coordination with DoD CIO and participating DoD Components, develop, maintain, and offer software and hardware assurance capabilities across the DoD Components as required by Section 937 of Public Law 113-66 (Reference (s)) and Policy Memorandum 15-001 - Joint Federated Assurance Center (JFAC) Charter (Reference (t)). 2.  DIRECTOR, DMEA.  The Director, DMEA, under the authority, direction, and control of USD(AT&L), shall, in coordination with DoD CIO and the Heads of the DoD Components, perform the accreditations of trusted suppliers, review those accreditations on an annual basis, issue follow-on guidance for the use of trusted suppliers, and establish criteria for accrediting trusted suppliers of integrated circuit-related products and services.
+
+
+
+3.  DoD CIO.  The DoD CIO shall:
+a.  Coordinate with the USD(AT&L) and the Heads of the DoD Components as a subject matter expert on SCRM activities within TSN, implementation of TSN across the DoD, and development of TSN training, requirements, best practices, and mitigations.
+
+b.  Integrate TSN concepts into security controls and other policies and processes (e.g., Reference (n)), as appropriate.
+
+c.  Issue guidance (e.g., information system security engineering guidance) and develop programming recommendations to ensure the integration of TSN concepts and processes into the acquisition and maintenance of DoD information systems, enclaves, and services, including the purchase and integration of ICT commodities.
+
+4.  USD(I).  The USD(I) shall:
+a.  Guide collection of foreign intelligence and direct all-source analysis of supply chain risk.
+
+
+b.  Integrate TSN concepts into USD(I)-managed policies and processes, as appropriate.
+
+c.  In coordination with the DIRNSA/CHCSS, develop processes and procedures for responding to suspected or actual supply chain exploits identified by the Heads of the DoD Components, such as vulnerability assessments, best practices, and educational materials.
+
+d.  Provide oversight for counterintelligence, defense intelligence, and security support to protect critical mission functions and components.
+
+5.  DIRNSA/CHCSS.  The DIRNSA/CHCSS, under the authority, direction, and control of the USD(I) and in addition to the responsibilities in section 8 of this enclosure, shall:
+
+a.  Support the development and application of TSN requirements, best practices, and processes.  In the event that demand for support exceeds resources, establish, in coordination with the DoD CIO, the USD(I), and the Heads of the DoD Components, prioritization for support to achieve TSN.
+
+b.  Advise and guide the Heads of the DoD Components in the application of processes, tools, techniques and methods to minimize vulnerabilities and risk of malicious intent in procured and developed software and hardware for applicable systems.
+
+c.  In coordination with selected software assurance testing centers, define processes, tools, techniques and standards to effectively test newly developed and acquired DoD software and hardware for applicable systems.
+
+
+d.  Assess software analysis tools and practices and disseminate guidance on software and hardware vulnerability reduction and malicious intent identification to enable acquisition programs to manage risk effectively. 6.  DIRECTOR, DIA.  The Director, DIA, under the authority, direction, and control of the USD(I), and in addition to the responsibilities in section 8 of this enclosure, shall produce an intelligence and counterintelligence assessment of supplier threats to acquisition programs providing critical weapons, information systems, or service capabilities in accordance with DoDI O-5240.24 (Reference (u)).  In the event that demand for support exceeds resources, establish, in coordination with USD(AT&L), DoD CIO, and the Heads of the DoD Components, prioritization for support to conduct threat analysis of suppliers of critical components. 7.  UNDER SECRETARY OF DEFENSE FOR POLICY (USD(P)).  The USD(P) shall, in coordination with the USD(I), establish security policy for foreign national participation in system integration activities. 8.  HEADS OF THE DoD COMPONENTS.  The Heads of the DoD Components shall:
+a.  Designate a TSN focal point or focal points, with access to all DoD Components research, development, acquisition, and sustainment activities for applicable systems, in order to:
+
+(1)  Coordinate and prioritize requests for threat analysis of suppliers of critical components in accordance with Reference (u).
+
+
+(2)  Coordinate and prioritize requests for use of DoD Component and Enterprise TSN
+resources, TSN subject matter experts, and tools, including hardware and software assurance capabilities in accordance with References (s) and (t).
+
+
+(3)  Coordinate with the DoD CIO and USD(AT&L) in the development of TSN
+requirements, best practices, and mitigations.
+
+
+(4)  Assure the identification of mission critical functions and critical components as well as TSN planning and implementation activities are documented in the PPP.
+
+
+
+b.  Establish processes for managers of research, development, acquisition, and sustainment activities for applicable systems to manage risk to the trust in the system by:
+
+(1)  Conducting a criticality analysis to identify mission critical functions and critical components and reducing the vulnerability of such functions and components through secure system design.
+
+
+(2)  Requesting threat analysis of suppliers of critical components from the pertinent TSN
+focal point and managing access to and control of threat analysis products containing U.S. person information, in accordance with Reference (u).
+
+
+(3)  Engaging the pertinent TSN focal point for guidance on managing identified risk using DoD Components and Enterprise risk management resources.
+
+
+(4)  Applying TSN best practices, processes, techniques, and procurement tools prior to the acquisition of critical components or their integration into applicable systems, at any point in the system lifecycle.  Such tools and practices include contract requirements developed in accordance with USD(AT&L) guidance provided pursuant to paragraph 1.e of this enclosure, SCRM key practices (Reference (v)), and the authorities prescribed in Reference (f), as appropriate.
+
+
+(5)  Documenting TSN plans and implementation activities in PPPs and relevant cybersecurity plans and documentation in accordance with Reference (h).
+
+c.  Assign DoD Components specialists to assist the Director, DIA, to conduct threat analysis of suppliers of critical components.
+
+d.  Coordinate with the USD(AT&L) and the DoD CIO regarding TSN training of all appropriate DoD Components and contractor personnel commensurate with their assigned responsibilities.
+
+e.  Notify the cognizant Milestone Decision Authority, Authorizing Official, and the DoD
+CIO of significant threats that cannot be reasonably addressed through technical mitigation, countermeasures, or risk management procedures.
+
+f.  Notify the USD(I) and DIRNSA/CHCSS, of discovered or suspected supply chain exploits for the purposes of further analysis and the development of enterprise remediation, as appropriate.
+
+g.  Integrate Component-unique TSN concepts into DoD Components policies and processes, as appropriate.
+
+
+h.  Ensure the Component Acquisition Executive or Chief Information Officer, or designee, designate DoD systems that are not national security systems or a high impact level for confidentiality, integrity, or availability, as applicable systems in accordance with subparagraph
+2.b.(3) above the signature of this Instruction.
+
+i.  Provide software and hardware assurance capabilities and resources, and support the JFAC, as required by References (s) and (t).
+
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+
+ASIC
+application-specific integrated circuits
+
+
+CJCS
+Chairman of the Joint Chiefs of Staff
+
+
+DIA
+Defense Intelligence Agency
+DIRNSA/CHCSS
+Director, National Security Agency/Chief, Central Security Service
+DMEA
+Defense Microelectronics Activity
+DoD CIO
+DoD Chief Information Officer
+DoDD
+DoD Directive
+DoDI
+DoD Instruction
+DoDIN
+DoD Information Network
+
+
+FPGA
+field-programmable gate arrays
+
+
+ICT
+information and communications technology
+IT IUID
+information technology item unique identification
+JFAC
+Joint Federated Assurance Center Non-classified Internet Protocol Router Network
+NIPRNet
+PPP
+Program Protection Plan
+
+
+SCRM
+supply chain risk management
+
+
+TSN
+trusted systems and networks
+
+
+USCG
+United States Coast Guard
+USD(AT&L)
+Under Secretary of Defense for Acquisition, Technology, and Logistics
+USD(I)
+Under Secretary of Defense for Intelligence
+USD(P)
+Under Secretary of Defense for Policy
+U.S.C.
+United States Code
+
+
+## Part Ii.  Definitions
+
+
+Unless otherwise noted, these terms and their definitions are for the purposes of this Instruction. critical component.  A component which is or contains ICT, including hardware, software, and firmware, whether custom, commercial, or otherwise developed, and which delivers or protects mission critical functionality of a system or which, because of the system's design, may introduce vulnerability to the mission critical functions of an applicable system. criticality analysis.  An end-to-end functional decomposition performed by systems engineers to identify mission critical functions and components.  Includes identification of system missions, decomposition into the functions to perform those missions, and traceability to the hardware, software, and firmware components that implement those functions.  Criticality is assessed in terms of the impact of function or component failure on the ability of the component to complete the system mission(s). cybersecurity.  Defined in Reference (e). enclave.  Defined in Committee on National Security Systems Instruction No. 4009 (Reference (x)).
+
+ICT.  Includes all categories of ubiquitous technology used for the gathering, storing, transmitting, retrieving, or processing of information (e.g., microelectronics, printed circuit boards, computing systems, software, signal processors, mobile telephony, satellite communications, and networks).  ICT is not limited to information technology (IT), as defined in section 11101 of title 40, U.S.C. (Reference (w)).  Rather, this term reflects the convergence of IT and communications. industrial control system.  Defined in Reference (x). information system.  Defined in Reference (x). information systems security engineering.  Defined in Reference (x). mission critical functions.  Any function, the compromise of which would degrade the system effectiveness in achieving the core mission for which it was designed.
+
+
+national security system.  Defined in Reference (l).
+
+SCRM.  A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout DoD's "supply chain" and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal). software assurance.  The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle. supply chain risk.  The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.
+
+system security engineering.  An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities.
+
+U.S. person.  Defined in DoD 5240.1-R *DoD Manual 5240.01* (Reference (y)). weapon system.  A combination of one or more weapons with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for selfsufficiency.

markdown/dod/i5210_02.md

@@ -0,0 +1,587 @@
+# Department Of Defense
+
+## Instruction
+
+# Number 5210.02 June 3, 2011 Incorporating Change 1, October 25, 2017
+
+
+USD(I) SUBJECT: Access to and Dissemination of Restricted Data and Formerly Restricted Data
+
+References: See Enclosure 1 1.  PURPOSE.  In accordance with the authority in DoD Directive 5143.01 (Reference (a)), this Instruction:
+a.  Reissues DoD Directive 5210.2 (Reference (b)) as a DoD Instruction to establish policies, assign responsibilities, and prescribe procedures governing access to, and dissemination of data classified as Restricted Data (RD) and Formerly Restricted Data (FRD) by the DoD.
+
+b.  Implements sections 2153 and 2161 through 2165 of title 42, United States Code (also known and hereinafter referred to as the "Atomic Energy Act of 1954, as amended" (Reference (c))) and Part 1045 of title 10, Code of Federal Regulations (Reference (d)).
+
+2.  APPLICABILITY.  This Instruction applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD
+Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the "DoD Components"). 3.  DEFINITIONS.  See Glossary. 4.  POLICY.  It is DoD policy that:
+a.  Access to and dissemination of RD and FRD information within and between DoD
+Components will be governed by the same criteria that governs the access to other classified information, which is contained in *Volume 1 of* DoDM 5200.01-R, DoD 5200.2-R *DoDM*
+5200.02, and DoD 5220.22-R (References (e) through (g)), and by the procedures identified within this Instruction.
+
+b.  Classification and declassification of RD and FRD information will be governed by the criteria and DoD and Department of Energy (DOE) classification guidance identified in DoD Instruction 5210.67; Classification Guide, Weapons, 5th version; Classification Guide, SS-1;
+Classification Guide, RN-1; and Topical Classification Guide - Weapons Production and Military Use, 2nd version (References (h) through (l)); and by the criteria and procedures identified within this Instruction. and in Part 1045 of Title 10 (Reference (d)). 5.  RESPONSIBILITIES.  See Enclosure 2.
+
+6.  PROCEDURES.  Procedures for implementing this Instruction are described in Enclosure 3. 7.  RELEASABILITY.  UNLIMITED.  This Instruction is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives.
+Cleared for public release.  This Instruction is available on the Directives Division Website at http://www.esd.whs.mil/DD/.
+
+8.  EFFECTIVE DATE.  This Instruction is effective upon its publication to the DoD Issuances Website. *June 3, 2011.*
+Michael G. Vickers
+
+Under Secretary of Defense for Intelligence Enclosures
+1.  References
+
+
+2.  Responsibilities
+
+3.  Procedures
+
+4.  List of Certifying Officials
+Glossary
+
+
+## Table Of Contents
+
+ ENCLOSURE 1:  REFERENCES ........4 ENCLOSURE 2:  RESPONSIBILITIES ........5
+UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE (USD(I)) ........5
+
+DEPUTY ASSISTANT SECRETARY OF DEFENSE FOR NUCLEAR MATTERS
+(DASD(NM)) ........5
+
+DIRECTOR OF ADMINISTRATION AND MANAGEMENT (DA&M) DEPUTY CHIEF
+MANAGEMENT OFFICER (DCMO) OF THE DEPARTMENT OF DEFENSE ........6
+
+DIRECTOR, DEFENSE INFORMATION SYSTEMS AGENCY ........6
+
+HEADS OF THE DoD COMPONENTS WITH ACCESS TO RD AND FRD........6 ENCLOSURE 3:  PROCEDURES ........7
+ACCESS ........7
+
+DISSEMINATION ........10
+
+CLASSIFICATION AND HANDLING ........12
+
+DECLASSIFICATION ........16
+
+TRAINING REQUIREMENTS ........17 ENCLOSURE 4:  LIST OF CERTIFYING OFFICIALS ........18 GLOSSARY ........19
+ABBREVIATIONS AND ACRONYMS ........19
+
+DEFINITIONS ........20 TABLES
+1.  DOE, NRC, and DoD Clearances ........10
+
+2.  Markings and Declassification Requirements for RD, FRD, and NSI ........16 FIGURES
+1.  RD Warning ........14
+
+2.  FRD Warning ........14
+
+3.  Sigma 14, Sigma 15, and Sigma 20 Caveat ........14
+
+4.  Sigma 14 Handling Instruction ........15
+
+## Enclosure 1 References
+
+ (a) DoD Directive 5143.01, "Under Secretary of Defense for Intelligence (USD(I)),"
+
+November 23, 2005 October 24, 2014, as amended
+(b) DoD Directive 5210.2, "Access to and Dissemination of Restricted Data," January 12, 1978
+(hereby cancelled)
+(c) Sections 2153, 2161, 2162, 2163, 2164, and 2165 of title 42, United States Code (also
+known as the "Atomic Energy Act of 1954, as amended")
+(d) Part 1045 of title 10, Code of Federal Regulations
+(e) DoD 5200.1-R, "Information Security Program," January 14, 1997
+(e) DoD Manual 5200.01, Volume 1, "Information Security Program: Overview,
+Classification, and Declassification," February 24, 2012
+(f)
+DoD 5200.2-R, "Personnel Security Program," January 1, 1987
+(f)
+DoD Manual 5200.02, "Procedures for the DoD Personnel Security Program (PSP),"
+April 3, 2017
+(g) DoD 5220.22-R, "Industrial Security Regulation," December 4, 1985 (h) DoD Instruction 5210.67, "Special Nuclear Material Information, Security Classification
+Guide *Guidance*," December 3, 1982 *May 23, 2011*
+(i)
+Classification Guide, Weapons, 5th version, "Joint DOE/DoD Nuclear Weapon
+Classification Policy Guide," October 16, 19951
+(j)
+Department of Energy, Classification Guide, SS-1, "Safeguards and Security Classification
+Guide," current version1
+(k) Classification Guide, RN-1, "Joint DOE/DoD Classification Guide for the Naval Nuclear
+Propulsion Program," Revision 3, February 19961
+(l)
+Topical Classification Guide Weapons Production and Military Use, 2nd version, "Total
+Classification for Weapon Production and Military Use," Change 1, September 15, 20051
+(m) DoD Directive 8500.01E, "Information Assurance (IA)," October 24, 2002
+(mh) DoD Instruction 8500.01, "Cybersecurity," March 14, 2014
+(ni) Executive Order 13526, "Classified National Security Information," December 29, 2009
+
+
+## Enclosure 2 Responsibilities
+
+ 1.  UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE (USD(I)).  The USD(I) shall:
+a.  Develop policy and procedures to implement and manage the RD and FRD security program for access, dissemination, classification, declassification, and handling of RD and FRD information within the DoD in accordance with the Atomic Energy Act of 1954, as amended.
+
+b.  Oversee DoD implementing policies and conduct on-site reviews for DoD Component security programs established in accordance with this Instruction.
+
+
+2.  DEPUTY ASSISTANT SECRETARY OF DEFENSE FOR NUCLEAR MATTERS (DASD(NM)).  The DASD(NM), under the authority, direction, and control of the Under Secretary of Defense for Acquisition, Technology, and Logistics (through the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs (ASD(NCB))), shall:
+a.  In consultation with DOE:
+
+(1)  Develop classification guides for programs over which both DoD and DOE have cognizance.
+
+(2)  Determine which information in the RD category relating primarily to the military utilization of nuclear weapons may be placed in the FRD category. (3)  Prepare classification guides for FRD and RD relating primarily to the military utilization of nuclear weapons. (4)  Declassify FRD information, relating primarily to the military utilization of nuclear weapons, which may be published without undue risk to the common defense and security. (5)  Prepare and maintain the list of DoD officials authorized to request access to RD data in the possession of DOE at Enclosure 4.  Provide a copy of this list to DOE.
+
+b.  Disseminate classification and declassification guides for RD and FRD information within the DoD.
+
+c.  Assist the DoD Components, when requested, in determining what information relating to the military utilization of nuclear weapons may be designated as FRD even if it has never been in the RD category.
+
+d.  Provide information as necessary to the DOE Director of Classification to fulfill responsibilities under this section and section 1045.4 of Reference (d). 3.  DIRECTOR OF ADMINISTRATION AND MANAGEMENT (DA&M) DEPUTY CHIEF MANAGEMENT OFFICER (DCMO) OF THE DEPARTMENT OF DEFENSE.  The DA&M
+DCMO shall, in consultation with the USD(I) and the ASD(NCB), develop appropriate guidelines and management controls for Federal advisory committee and subcommittee members whose positions are established by or supported by the DoD who need access to RD, FRD, and Critical Nuclear Weapons Design Information (CNWDI). 4.  DIRECTOR, DEFENSE INFORMATION SYSTEMS AGENCY.  The Director, Defense Information Systems Agency, under the authority, direction, and control of the Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer, shall ensure DoD Component compliance with this Instruction during inspections of files on the Secret Internet Protocol Router Network (SIPRNET). 5.  HEADS OF THE DoD COMPONENTS WITH ACCESS TO RD AND FRD.  The Heads of DoD Components with access to RD and FRD shall:
+a.  Ensure that RD and FRD are classified in accordance with the policies in this Instruction and References (d) through (l).
+
+
+
+b.  Designate an RD management official to direct and administer the RD classification program within the DoD Component and whose duties shall include:
+
+(1)  Dissemination of implementing directives and classification guides, as needed.
+
+
+(2)  Ensuring that U.S. Government and contractor personnel with access to RD and FRD
+are trained on the procedures for derivative classification, marking, recognizing, and handling RD and FRD information and documents.
+
+c.  Incorporate classification guidance into appropriate security classification guides relevant to their systems, programs, plans or projects, as appropriate.
+
+d.  Assist the DASD(NM) with determining what information, to include RD and FRD
+relating primarily to the military utilization of nuclear weapons, may be placed in the FRD category.
+
+e.  Request changes or additions to the DoD List of Certifying Officials, as described in Enclosure 4, through the DASD(NM).
+
+## Enclosure 3 Procedures
+
+ 1.  ACCESS
+a.  Criteria.  Access to RD information within and between DoD Components, including contractor activities, will be governed by the same procedures and criteria that govern the access to other classified information in accordance with References (e) through (g).  Individuals granted access shall:
+
+(1)  Require access in the performance of official duties (also known as "need to know").
+
+
+
+(2)  Have a valid DoD security clearance at a level commensurate with the information concerned.
+
+
+b.  Requests for Access.  Requests for access to RD in the possession of the DOE or other Federal agencies designated by the DOE, other than DoD and the National Aeronautics and Space Administration (NASA), will be made utilizing DOE Form 5631.20, "Request for Visit or Access Approval."  DOE Form 5631.20 may be accessed at the following DOE website: http://cio.energy.gov/program_planning&mgmt_5000-5999.htm.
+
+
+(1)  The Secretary of Defense; the Deputy Secretary of Defense; the Secretaries of the Military Departments; the Chairman of the Joint Chiefs of Staff; the Under Secretaries of Defense; the Chairman, Nuclear Weapons Council; the Directors of the Defense Agencies; and their designees, are authorized to certify the need of DoD personnel, under their jurisdiction, to have access to RD in the possession of the DOE and other Federal agencies designated by the DOE.  These officials shall forward their lists of designees to the DASD(NM), who shall transmit a composite list to the DOE and to the Deputy Under Secretary of Defense for Policy Review for incorporation into Enclosure 4 of this Instruction.  Strict adherence to need-to-know principles will be followed.
+
+(a)  For the Navy and the Air Force, the authority to certify for RD access in the possession of DOE shall not be designated below the level of the authority granting the security clearance. (b)  For the Army, the authority to certify for RD access shall not be designated below brigade level or equivalent. (c)  For contractor employees, the need for access to RD will, in all cases, be certified by a Government Contracting Officer.
+
+
+(2)  Those persons listed in subparagraph 1.b.(1) of this Enclosure, or their designees, shall submit requests for access to RD through established security channels directly to:
+
+Department of Energy Director of Safeguards and Security Washington, DC  20545
+
+
+(3)  DoD requests for access to RD in the possession of Federal agencies other than DoD
+pertaining to the Army Research Reactor Program and the Navy Research Reactor Program shall be submitted to:
+
+U.S. Nuclear Regulatory Commission Division of Security Washington, DC 20555
+
+(4)  In situations other than specified in subparagraphs 1.b.(2) and 1.b.(3) of this Enclosure, DoD requests for access to RD in the custody of DOE personnel shall be submitted to the DOE Headquarters Division having responsibility for the subject matter involved.
+
+
+(5)  When it is necessary for a DoD activity to establish authority for requesting access directly from DOE Managers of Operations, a request for such authority shall be submitted to the DOE Headquarters Division responsible for the program to which access is required.
+
+
+(6)  DOE has authorized its personnel to accept oral requests in emergencies.  In those instances, all of the information required in DOE Form 5631.20 shall be provided.  Thereafter, an appropriate written confirmation shall be forwarded within 15 days following an oral request.
+Personnel authorized to approve requests for access to or release of RD shall make determinations of emergency situations or conditions.
+
+
+(7)  If an individual requires repeated access to the same type of information or continuing visits to a facility, under the cognizance of the same approving authority, the request shall so specify.  Local arrangements for continuing access may be made for a specified period not to exceed 1 year.  Access by members of the Military Services may be arranged for the specified period of the assignment for which access was originally approved.
+
+
+c.  Access to CNWDI.  Access to and dissemination of CNWDI, as defined in the Glossary, is of particular concern to the DoD.  Because of the extreme sensitivity of this type of information, access must be limited to the absolute minimum number of persons who need it to accomplish their assigned responsibilities.  To meet this objective, the following special procedures for controlling CNWDI information have been established.
+
+
+(1)  At a minimum, the required security clearances for personnel eligible for access to CNWDI shall be final TOP SECRET or SECRET (as appropriate), or DOE "Q" for non-DoD personnel.
+
+
+(2)  U.S. citizenship is required, except in rare instances when an immigrant alien may possess a unique or very unusual talent or skill that is essential to the U.S. Government and not possessed to a comparable degree by an available U.S. citizen.  In such exceptional cases, an affirmative determination shall be made that it is in the overall best interests of the United States to grant CNWDI access to an immigrant alien.  Such a determination shall be made by the Secretary of Defense or his designee, based upon the recommendation of the responsible DoD Component Head.
+
+
+
+(3)  Written or oral communication of CNWDI shall be strictly limited to those personnel who have a need to know.  Management personnel at all levels shall not automatically approve requests for access to CNWDI, but shall insist upon full justification and shall reject any requests that are not completely justified.  The Head of each DoD Component and management personnel at all levels are assigned a special responsibility to ensure that this need-to-know principle is strictly enforced.
+
+
+(4)  Personnel having a need for access to CNWDI shall be briefed on its sensitivity.
+Briefing and access authorizations will be recorded in appropriate security records.  Records of CNWDI briefings and access authorizations will be maintained in a manner that would facilitate verification.
+
+
+(5)  Documents or other media as defined in Reference (e), that contain CNWDI shall be clearly marked, "Critical Nuclear Weapons Design Information - DoD Instruction 5210.02
+applies."  Similar documents published prior to the date of this Instruction will be similarly marked when they are withdrawn from files.  In addition, paragraphs of documents that contain CNWDI will be marked with "(N)" following the classification (e.g., (S-RD)(N)).  This additional marking denotes that the classified material is additionally identified as CNWDI.
+
+
+(6)  Except for the special requirements enumerated in subparagraph 1.c.(5) of this Enclosure, access to CNWDI within and between DoD Components, including DoD contractors, will be controlled in the same manner as other classified information in accordance with References (e) through (g).
+
+
+
+d.  Access to Sigma 14, Sigma 15, and Sigma 20 Information.  Access and distribution of Sigma 14, Sigma 15, and Sigma 20 nuclear weapon data (NWD) is restricted to those individuals with:
+
+
+(1)  Appropriate Sigma 14, Sigma 15, or Sigma 20 authorization requested and approved through the DASD(NM).
+
+
+(2)  Valid need to know.
+
+
+(3)  Final TOP SECRET clearance based on a single scope background investigation or TOP SECRET "Q" for non-DoD personnel.
+
+
+(4)  Access authorization does not imply need to know for all Sigma 14, Sigma 15, and Sigma 20 NWD.
+
+
+(5)  Access authorization of Sigma 15 or Sigma 20 does not grant access to Sigma 14
+NWD.
+
+
+
+(6)  Access verification for Sigma 14, Sigma 15, and Sigma 20 information shall be requested through the DoD Use Control Site Coordinator, Office of the Deputy Assistant Secretary of Defense for Nuclear Matters (ODASD(NM)).
+
+
+e.  Reciprocity.  For other Federal agencies who have a need to know in the performance of their official duties, DoD Components will accept DOE and Nuclear Regulatory Commission (NRC) clearances for access to classified information including RD as shown in Table 1.
+
+ DOE and NRC Clearances
+Equivalent DoD Clearances SECRET
+"L"  (Valid for access up to and including
+SECRET National Security Information
+(NSI) and FRD.  RD access is at the CONFIDENTIAL level.) "Q" TOP SECRET
+TOP SECRET
+
+
+2.  DISSEMINATION
+a.  Criteria.  DoD personnel may disseminate RD information only in accordance with the following guidelines:
+
+(1)  Dissemination of RD information within and between DoD Components, including DoD contractors, will be governed by the same procedures and criteria as govern the dissemination of other classified information in accordance with References (e) through (g).
+
+
+(2)  Dissemination of RD information may be made to properly cleared DOE personnel and to DOE-cleared personnel of other Federal agencies.
+
+
+(3)  Dissemination of RD information pertaining only to nuclear research reactors or nuclear electric power generating reactors may be made to NRC personnel.  RD not related to these reactors may be released to NRC personnel only through DOE.
+
+
+(4)  Dissemination of RD information other than that pertaining to aeronautical and space activities may be released to NASA personnel only through DOE.
+
+
+(5)  In all cases in subparagraphs 2.a.(1) through 2.a.(4) of this Enclosure, dissemination of RD information will be made only after the holder of the information has verified:
+
+
+(a)  The identification of the prospective recipient.
+
+
+
+(b)  The validity of the prospective recipient's clearance.
+
+
+(c)  The need to know of the prospective recipient in connection with official duties.
+
+## B.  Disclosure Prohibitions
+
+
+
+(1)  Dissemination of RD and FRD to any nation or regional defense organization or to a representative of such nation or organization is prohibited except in accordance with agreements for cooperation entered into pursuant to the Atomic Energy Act of 1954, as amended.
+
+
+(2)  Except as provided in subparagraph 2.b.(1) of this Enclosure, FRD will be treated and disseminated in the manner prescribed for classified information in Reference (e).
+
+c.  Protection and Accountability of Sigma 14, Sigma 15, and Sigma 20 Information
+
+
+(1)  Technical discussion of Sigma 14, Sigma 15, and Sigma 20 information is permitted within facilities cleared for classified discussions at the same collateral level.
+
+
+(2)  Verification of clearance, Sigma authorizations, and need to know must be verified for all participants prior to discussions.
+
+
+(3)  Sigma 14 documents shall be inventoried annually.
+
+
+
+(a)  Inventory results of Sigma 14 holdings will be reported annually to the DoD Use Control Program Coordinator (UCPC), ODASD(NM).
+
+
+
+(b)  The ODASD(NM) UCPC will report Sigma 14 holdings to the National Nuclear Security Administration (NNSA) UCPC annually.
+
+
+
+(c)  Requests for transfer of Sigma 14 information outside of the NNSA require prior NNSA approval through the DoD UCPC, ODASD(NM).
+
+
+(4)  Storage requirements for classified material must be consistent with Reference (e), with the following additions for Sigma 14, Sigma 15, and Sigma 20 materials:
+
+
+(a)  Sigma 14 documents must be physically separated by a separate safe or combination-protected safe drawer from non-Sigma 14 documents.
+
+
+
+(b)  Sigma 15 and Sigma 20 documents may be co-mingled with non-Sigma classified documents.
+
+
+
+(c)  Access to the safe containing Sigma 15 or Sigma 20 must be restricted to those who are authorized access to Sigma 15 or Sigma 20 information.
+
+
+
+(d)  Safes containing TOP SECRET Sigma 14 information must be located in a vault or vault-type room.
+
+
+d.  Processing of RD and CNWDI on the SIPRNET
+
+(1)  RD and CNWDI shall be e-mailed only after confirmation that the recipient has a final security clearance at the appropriate level, has a need to know the information, and, for CNWDI, has received the additional security briefing in subparagraph 1.c.(4) of this Enclosure.
+
+
+(2)  All RD and CNWDI files stored on shared and personal local drives shall be password-protected using the standard Microsoft Office file password protection protocol.
+
+
+
+(3)  Websites posting RD and CNWDI information must ensure access is limited to authorized recipients by, at a minimum, a properly administered and protected individual identifier and password consistent with DoD Directive 8500.01E *DoD Instruction 8500.01* (Reference (mh)).
+
+
+
+(4)  Systems logons and properly configured screensavers are sufficient protection for
+e-mail files.
+
+
+(5)  Files contained on the SIPRNET are subject to Defense Information Systems Agency inspections to ensure compliance with this Instruction.
+
+
+(6)  Sigma 14, 15, and 20 information shall not be processed on the SIPRNET. 3.  CLASSIFICATION AND HANDLING
+a.  Classification.  NSI describes any information that has been determined, pursuant to Executive Order 13526 (Reference (ni)), to require protection against unauthorized disclosure. There are 3 levels of NSI:
+
+(1)  TOP SECRET is the classification level assigned to information of the utmost importance to national defense and security.  Unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security that the original classification authority is able to identify or describe.
+
+
+(2)  SECRET is the classification level applied to information the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security that the original classification authority is able to identify or describe.
+
+
+(3)  CONFIDENTIAL is the classification level applied to information the unauthorized disclosure of which could reasonably be expected to cause damage to national security that the original classification authority is able to identify or describe.
+
+b.  Handling Instructions
+
+(1)  RD, pursuant to the Atomic Energy Act of 1954, as amended, describes all data concerning the design, manufacture, or utilization of atomic weapons; production of special
+
+nuclear material (SNM); or use of SNM in the production of energy.  SNM includes plutonium, uranium-233, and uranium enriched in isotope 235.  A few examples of RD are:
+
+
+(a)  Nuclear weapons design information.
+
+
+1.  Specification and amount of SNM.
+
+
+2.  Dimensions, sketches, drawings, and blueprints.
+
+
+3.  Materials or weapon parts.
+
+
+4.  Detonation systems (amount of high explosives, number of detonators).
+
+
+5.  Nuclear testing information.
+
+## (B)  Production Of Snm.
+
+
+
+1.  Uranium-enriched technology such as gaseous diffusion, gas centrifuge, and laser isotope separation.
+
+
+
+2.  Production reactors and related technologies such as fuel and target technology
+
+and chemical processing of tritium and plutonium.
+
+
+3.  Allocations to weapons programs.
+
+
+(c)  Use of SNM in the Production of Energy.
+
+
+1.  Naval reactors.
+
+
+2.  Military reactors.
+
+
+3.  Space reactor power systems.
+
+
+(2)  FRD describes classified information jointly determined by the DOE or its predecessor agencies and the DoD to be related primarily to the military utilization of atomic weapons and protected as NSI.  A few examples of FRD are:
+
+
+(a)  Nuclear weapon stockpile quantities.
+
+
+
+(b)  Nuclear weapon safety and storage.
+
+
+(c)  Nuclear weapon yield and effects.
+
+
+(d)  Nuclear weapon storage and deployment locations.
+
+## C.  Markings
+
+
+
+(1)  All documents marked RD or FRD must also be marked either TOP SECRET, SECRET, or CONFIDENTIAL and with an appropriate warning as illustrated in Figures 1 and 2.
+
+## Restricted Data
+
+
+This document contains Restricted Data as defined in the Atomic Energy Act of 1954.  Unauthorized disclosure subject to Administrative and Criminal Sanctions.
+
+## Formerly Restricted Data
+
+Unauthorized disclosure subject to Administrative and Criminal Sanctions.  Handle as restricted Data in Foreign Dissemination Section 144.b, Atomic Energy Act of 1954
+
+(2)  All documents containing Sigma 14, Sigma 15, and Sigma 20 information will be marked with an additional caveat marking (e.g., Sigma 14) above the category marking as illustrated in Figure 3.
+
+
+
+## Sigma 14 Restricted Data
+
+
+
+This document contains Restricted Data as defined in the Atomic Energy Act of 1954.  Unauthorized disclosure subject to Administrative and Criminal Sanctions.
+
+
+(3)  All documents containing Sigma 14 information will be marked with the additional handling instruction illustrated in Figure 4.
+
+
+This document may not be reproduced or disseminated beyond original distribution without approval of the originator, the originating agency Use Control Site Coordinator, or the National Nuclear Security Administration Headquarters Use Control Program Coordinator.
+
+d.  Differences Between RD and FRD and NSI.  Table 2 illustrates the differences between
+
+markings and declassification requirements for RD, FRD, and NSI.
+
+
+
+RD AND FRD
+NSI
+Authority
+Atomic Energy Act of 1954
+Executive Order 13526 (Reference (ni)) Documents containing only NSI are automatically declassified on occurrence of an event or date unless specifically exempted. Documents containing only NSI can be declassified by any reviewer designated by the originating
+agency.
+Declassification
+Documents containing RD or FRD are not subject to automatic declassification; in
+accordance with the Atomic Energy Act of 1954, as amended, they always require review prior to declassification. Documents containing RD can only be declassified by authorized DOE reviewers.
+
+Documents containing FRD can only be declassified if it is jointly agreed to by both DOE and DoD reviewers and approved by the designated representative of both departments.  Normally, DoD
+initiates declassification requests of FRD
+material.
+Documents containing only NSI are marked in accordance with Reference (e). Documents containing only NSI must contain automatic declassification instructions. Documents containing only NSI must be portion marked.
+Marking
+Documents containing RD or FRD must have a special warning notice on the front page indicating the presence of RD or FRD.  Additional markings on the interior pages are also required. Documents containing RD or FRD do not have automatic declassification instructions on the front page, even if NSI is also present in the document. DoD documents containing RD or FRD require portion marking.
+
+4.  DECLASSIFICATION
+a.  Declassification of RD and FRD documents.  Only designated individuals within the DOE
+may declassify RD documents.  Only designated individuals within the DoD (Office of the ASD(NCB)) and the DOE may declassify documents marked as FRD as a joint determination by both departments in accordance with joint DoD-DOE classification guides or DoD guides coordinated with DOE.
+
+b.  Automatic declassification prohibition.
+
+
+(1)  Documents containing RD and FRD remain classified until a positive action by an authorized individual is taken within DOE for RD information and jointly by DoD-DOE for FRD
+or in accordance with joint DoD-DOE classification guides or DoD guides coordinated with DOE.
+
+
+(2)  In accordance with the Atomic Energy Act of 1954, as amended, and section 1045.38
+of Reference (d), no date or event for automatic declassification will be applied to RD and FRD
+documents, even if such documents also contain NSI.
+
+
+
+(3)  RD and FRD are exempt from all provisions of Reference (ni) or its predecessor Executive orders, as amended, including automatic declassification. 5.  TRAINING REQUIREMENTS
+a.  In accordance with section 1045.35 of Reference (d), RD management officials shall ensure that persons with access to RD and FRD information are informed on the authorities required to classify and declassify RD and FRD information and documents and on handling procedures.  RD classifiers shall be trained on the procedures for classifying, declassifying, marking, and handling RD and FRD information and documents.
+
+b.  Training shall be at a DOE-certified course or with training materials provided by or coordinated with DOE by authorized DoD RD management officials.
+
+## Enclosure 4 List Of Certifying Officials
+
+ The DASD(NM) maintains the DoD List of Certifying Officials authorized to certify personnel under their jurisdiction for access to RD information (to include CNWDI) in the possession of DOE employees, DOE contractors, and employees of other Federal agencies and their contractors at https://extranet.acq.osd.mil/nm.
+
+
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+ ASD(NCB)
+Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs
+
+
+CFR
+Code of Federal Regulations
+CNWDI
+Critical Nuclear Weapons Design Information
+
+
+DA&M *DCMO* Director of Administration and Management Deputy Chief Management
+Officer of the Department of Defense
+
+DASD(NM)
+Deputy Assistant Secretary of Defense for Nuclear Matters
+DOE
+Department of Energy
+
+
+FRD
+Formerly Restricted Data
+
+
+NASA
+National Aeronautics and Space Administration
+NNSA
+National Nuclear Security Administration
+NRC
+Nuclear Regulatory Commission
+NSI
+National Security Information
+NWD
+Nuclear Weapon Data
+
+
+ODASD(NM)
+Office of the Deputy Assistant Secretary of Defense for Nuclear Matters
+
+
+RD
+Restricted Data
+
+
+SIPRNET
+Secret Internet Protocol Router Network
+SNM
+Special Nuclear Material
+
+
+UCPC
+Use Control Program Coordinator
+UCSC
+Use Control Site Coordinator
+USD(I)
+Under Secretary of Defense for Intelligence
+
+## Part Ii.  Definitions
+
+ Unless otherwise noted, these terms and their definitions are for the purpose of this Instruction.
+
+
+classified information.  Official information that has been determined to require, in the interests of national security, protection against unauthorized disclosure and that has been so designated. CNWDI.  That TOP SECRET RD or SECRET RD revealing the theory of operation or design of the components of a thermonuclear or implosion-type fission bomb, warhead, demolition munition, or test device.  Specifically excluded is information concerning arming, fusing, and firing systems; limited-life components; and total contained quantities of fissionable, fusionable, and high explosive materials by type.  Among these excluded items are the components that DoD
+personnel set, maintain, operate, test, or replace. DoD personnel.  Military Service personnel, including members of the Reserve Forces and federally recognized members of the National Guard; employees of a DoD Component, including consultants, full-time and temporary part-time employees, and personnel paid from nonappropriated funds; contractors of a DoD Component; and members of Federal advisory committees established or supported by DoD. DoD security clearance.  A clearance granted by a DoD Component pursuant to the provisions of References (f) and (g).  A contractor-granted CONFIDENTIAL security clearance is not valid for access to RD. DOE personnel.  DOE employees, DOE contractors and their employees, and Federal Executive Branch component personnel assigned to the DOE for duty (e.g., the DoD, State Department, NASA). DOE security clearance.  A clearance granted by the DOE pursuant to provisions of the Atomic Energy Act of 1954, as amended.
+
+
+FRD.  Data removed from the RD category upon joint determination by the DOE and DoD that such data relates primarily to the military utilization of atomic weapons and can be adequately safeguarded as classified information.  However, such information is treated the same as RD for purposes of foreign dissemination. NASA personnel.  Any officer, employee, member of an advisory committee, contractor, subcontractor, or officer or employee of a contractor or subcontractor, of NASA, and Federal Executive Branch component personnel assigned to NASA for duty (e.g., the DoD, State Department, DOE). NASA security clearance.  A clearance granted by NASA, pursuant to regulations issued by NASA.
+
+need to know.  A determination that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function. NNSA.  All Federal and contractor employees that design, manufacture, or test nuclear weapons and/or explosive devices; retire nuclear weapon components; or administer the preceding programs. NRC personnel.  NRC employees, NRC contractors and their employees, and Federal Executive Branch component personnel assigned to the NRC for duty (e.g., the DoD, State Department, NASA). NRC security clearance.  A clearance granted by the NRC, pursuant to regulations issued by the NRC.
+
+
+NSI.  Any information that has been determined, pursuant to Reference (ni), to require protection against unauthorized disclosure. NWD.  RD or FRD concerning the design, manufacture, or utilization (including theory, development, storage, characteristics, performance, and effects) of nuclear weapons or nuclear weapon components, including information incorporated in or related to nuclear explosive devices. RD.  All data (information) concerning the design, manufacture, or utilization of atomic weapons; the production of SNM; or the use of SNM in the production of energy.  The term does not include data declassified or removed from the RD category pursuant to section 142 of the Atomic Energy Act of 1954, as amended.  See FRD. sensitive use control information.  Information that significantly enhances an adversary's ability to obtain an unauthorized nuclear detonation from a nuclear weapon or device. Sigma 14 information.  The category of sensitive information (including bypass scenarios)
+concerning the vulnerability of nuclear weapons to a deliberate unauthorized nuclear detonation. Sigma 15 information.  The category of sensitive information concerning the design and function of nuclear weapon use control systems, features, and components.  This includes use control for passive and active systems.  It may include weapon design features not specifically part of a use control system.  Not all use control design information is Sigma 15. Sigma 20 information.  The category of NWD that pertains to sensitive improvised nuclear device information.

markdown/dod/i5525_13.md

@@ -0,0 +1,169 @@
+## Department Of Defense Instruction
+
+# Number 5525.13 September 28, 2007 Incorporating Change 2, Effective September 8, 2020
+
+## Subject:  Limitation Of Authority To Deputize Dod Uniformed Law Enforcement Personnel By State And Local Governments
+
+References: (a) Attorney General Memorandum, "Guidelines for Legislation Involving
+Federal Criminal Law Enforcement Authority," June 29, 19841
+(b)
+DoD Directive 5124.02, "Under Secretary of Defense for Personnel and Readiness (USD(P&R))," October 17, 2006
+(c)
+DoD Directive 5210.56, "Use of Deadly Force and the Carrying of Firearms by DoD Personnel Engaged in Law Enforcement and Security Duties," November 1, 2001
+(d)
+Public Law 116-92, "National Defense Authorization Act for Fiscal Year 2020," December 20, 2019
+
+## 1. Purpose
+
+This Instruction:
+
+1.1.  Establishes policy for the use of deputized State or local law enforcement powers by DoD uniformed law enforcement personnel while on duty consistent with Reference (a) and under the authority of Reference (b).
+
+1.2.  Provides guidelines for justification of deputized State or local law enforcement powers and the approval process to request those powers.
+
+## 2. Applicability
+
+This Instruction:
+1 Available from the Director, Law Enforcement Policy and Support, OUSD (P&R), 4040 N.
+
+Fairfax Drive, Suite 200, Arlington, VA, 22203
+2.1.  Applies to the Office of the Secretary of Defense, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (hereafter referred to collectively as the "DoD Components").
+
+2.2.  Does not apply to:
+2.2.1.  Uniformed law enforcement personnel of the National Security Agency's Police Department.
+2.2.2.  Uniformed law enforcement personnel of the Pentagon Force Protection Agency's Pentagon Police Department.
+2.2.3.  Special agents of the Defense Criminal Investigative Organizations (DCIOs).
+
+2.2.4.  Federal deputization.
+
+## 3. Definitions
+
+3.1.  Uniformed Law Enforcement Personnel.  Military Police (Army and Marine Corps), Security Forces (Air Force), Masters'-at-Arms (Navy), and Civilian Police (GS 083 series -
+NSPS Pay Schedules YM and YN) of the DoD Components who wear a military uniform with police identification or a civilian police uniform while on duty.
+
+3.2.  Accredited Training.  A course of instruction offered by a law enforcement agency that meets the accreditation standards of Federal Law Enforcement Training Accreditation (FLETA);
+a State's Police Officers Standards of Training (POST); Commission on Accreditation for Law Enforcement Agencies (CALEA); or equivalent accreditation bodies.
+
+## 4. Policy
+
+It is DoD policy to:
+4.1.  NOT expand DoD law enforcement authorities by seeking deputized State or local law enforcement authority unless:
+
+4.1.1.  The ability to perform an essential command law enforcement function within the jurisdiction is significantly hindered by a lack of authority to enforce State or local laws;
+
+4.1.2.  The need for such law enforcement authority cannot be met effectively by assistance from law enforcement agencies with such authority;
+
+4.1.3.  Adequate internal safeguards and management controls exist to ensure proper exercise of the authority; and
+
+4.1.4.  The advantages to possessing the authority can reasonably be expected to exceed the disadvantages likely involved in exercising the authority.
+
+4.2.  Comply with the deputization justification guidelines in section 6 and the approval process in section 7.
+
+4.3.  Not grandfather any existing cases of deputization of DoD uniformed law enforcement personnel by State and local governments, where such cases do not have the approval of the authorities in section 8 and require that these cases be authorized following the procedures in section 7.
+
+## 5. Responsibilities
+
+5.1.  The Under Secretary of Defense for Personnel and Readiness (USD(P&R)) shall:
+5.1.1.  Develop overall policy and provide guidance for deputization of DoD uniformed law enforcement personnel by State and local governments.
+
+5.1.2.  Act as approval authority for all uniformed law enforcement personnel not under the authority of a Military Department.
+
+5.1.3.  Monitor compliance with this Instruction.
+
+5.2.  The General Counsel of the Department of Defense shall provide advice and assistance on all legal matters, to include the review and coordination on all proposed policies, DoD Issuances, and proposed exceptions to the DoD policies regarding the deputization of DoD uniformed law enforcement personnel by State and local governments.
+
+5.3.  The Secretaries of the Military Departments shall act as approval authority for all uniformed law enforcement personnel under the authority of their respective Military Departments.
+
+5.4.  The DoD Components shall:
+5.4.1.  Ensure compliance with this Instruction.
+
+5.4.2.  Provide requests for exceptions to this Instruction to the USD(P&R) or appropriate Military Department Secretary.
+
+## 6. Deputization Justification Guidelines
+
+6.1.  Authority to Carry a Firearm.  DoD uniformed law enforcement personnel are authorized to carry a firearm, in accordance with Reference (c).  They shall NOT rely on deputized State or local law enforcement authority to carry a firearm in performance of their federal duties.
+
+6.2.  Authority to Seek and Execute an Arrest or Search Warrant.  DoD uniformed law enforcement personnel shall NOT seek or execute an arrest warrant or search warrant under deputized State or local law enforcement authority unless:
+
+6.2.1.  There is reason to believe the person to whom the authority would be applied has committed an offense within DoD law enforcement jurisdiction;
+
+6.2.2.  The person committed an offense involving resistance to the DoD uniformed law enforcement personnel's law enforcement authority; or
+6.2.3.  The authority is necessary to search for and seize property related to such offenses;
+and
+
+6.2.3.1.  There is a demonstrated need based on the past year's experience or a future need based on a particularized event or circumstance that supports a reason to believe that while performing the assigned duties, the DoD uniformed law enforcement personnel shall frequently encounter situations in which it is necessary to rely on deputized State or local law enforcement powers to obtain needed arrest or search warrants;
+
+6.2.3.2.  It is unlikely that timely and effective assistance would be available from another agency with requisite police powers;
+
+6.2.3.3.  The DoD uniformed law enforcement personnel have graduated from an accredited training course in executing arrests and search warrants based on the particular deputized State or local authority; and
+
+6.2.3.4.  The requesting senior installation law enforcement official agrees, should deputized authority be granted by authorities identified in section 7, to establish and implement policies and procedures to prevent unauthorized DoD uniformed law enforcement personnel from using the deputized authority to execute arrests or search warrants.
+
+6.3.  Authority to Make a Warrantless Arrest.  DoD uniformed law enforcement personnel shall NOT make an arrest without a warrant using deputized State or local law enforcement authority unless they have probable cause to believe the person being arrested has committed a felony or such person commits a felony or misdemeanor crime in the presence of DoD uniformed law enforcement personnel; and
+
+6.3.1.  There is a demonstrated need based on the past year's experience or a future need based on a particularized event or circumstance that supports a reason to believe that while performing assigned duties, the DoD uniformed law enforcement personnel shall frequently encounter situations in which it is necessary to rely on deputized State or local law enforcement powers to make an arrest promptly;
+6.3.2.  The conditions of subparagraph 6.2.3.2. exist;
+
+6.3.3.  The DoD uniformed law enforcement personnel have graduated from an accredited training course in making arrests based on the particular deputized State or local authority; and
+
+6.3.4.  The requesting senior installation law enforcement official agrees, should deputized authority be granted by authorities identified in section 7, to establish and implement policies and procedures to prevent unauthorized DoD uniformed law enforcement personnel from using the deputized authority to make warrantless arrests.
+
+
+6.4.  Authority to Serve a Grand Jury Subpoena or Other Legal Process.  DoD uniformed law enforcement personnel shall NOT rely on State or local deputized law enforcement authority to serve a grand jury subpoena, a summons, a court order, or other legal process, unless:
+
+6.4.1.  There is a demonstrated need based on the past year's experience or a future need based on a particularized event or circumstance that supports a reason to believe that while performing assigned duties, the DoD uniformed law enforcement personnel shall frequently encounter situations in which it is necessary to rely on deputized State or local law enforcement authority to serve such process;
+6.4.2.  The conditions of subparagraph 6.2.3.2. exist;
+
+6.4.3.  The DoD uniformed law enforcement personnel have been trained in the serving process based on the particular deputized State or local law enforcement authority; and
+
+6.4.4.  The requesting senior installation law enforcement official agrees, should deputized authority be granted by authorities identified in section 7, to establish and implement policies and procedures to prevent unauthorized DoD uniformed law enforcement personnel from using the deputized authority to serve a Grand Jury subpoena or other legal process.
+
+6.5.  Authority to Administer an Oath or Affirmation.  DoD uniformed law enforcement personnel shall NOT rely on State or local deputized law enforcement authority to administer an oath or affirmation, unless:
+
+6.5.1.  There is a demonstrated need based on the past year's experience or a future need based on a particularized event or circumstance that supports a reason to believe that while performing assigned duties, the DoD uniformed law enforcement personnel shall frequently encounter situations in which it is necessary or desirable to rely on State or local law enforcement authority to administer an oath or affirmation and take a person's statement or testimony under oath or affirmation;
+6.5.2.  The conditions of subparagraph 6.2.3.2. exist;
+
+6.5.3.  The DoD uniformed law enforcement personnel have been trained in administering oaths and affirmations based on the particular deputized State or local law enforcement authority; and
+
+6.5.4.  The requesting senior installation law enforcement official agrees, should deputized authority be granted by authorities identified in section 7, to establish and implement policies and procedures to prevent unauthorized DoD uniformed law enforcement personnel from using the deputized authority to administer oaths or affirmations.
+
+6.6.  Authority to Use a Covert Investigative Technique.  DoD uniformed law enforcement personnel shall NOT rely on State or local deputized law enforcement authority to use a covert investigative technique unless:
+
+6.6.1.  There is a demonstrated need based on the past year's experience or a future need based on a particularized event or circumstance that supports a reason to believe that while performing assigned duties, the DoD uniformed law enforcement personnel shall frequently encounter situations in which it is necessary to rely on deputized State or local law enforcement authority to use such a covert investigative technique;
+6.6.2.  The conditions of subparagraph 6.2.3.2. exist;
+
+6.6.3.  The DoD uniformed law enforcement personnel have graduated from an accredited training course in using the covert investigative technique based on the deputized State or local authority; and
+
+6.6.4.  The requesting senior installation law enforcement official agrees, should deputized authority be granted by authorities identified in section 7, to establish and implement policies and procedures to prevent unauthorized DoD uniformed law enforcement personnel from using the deputized authority for the covert investigative technique.
+
+## 7. Approval Process
+
+7.1.  The senior installation law enforcement official (Provost Marshall, Director of Emergency Services, Security Chief, Chief of Security, or similar official) will prepare the request for authority to accept State or local deputization.
+
+7.1.1.  The request will be based on the justification guidelines in section 6 of this Instruction.
+
+7.1.2.  In addition to addressing the specific items in section 6, the request will include:
+7.1.2.1.  The number of uniformed law enforcement personnel to be granted the authority and a certification that they have received the requisite training to effect the type of deputization.
+
+7.1.2.2.  The time frame envisioned for the authority to be exercised.  Blanket time authorizations will not be considered.
+
+7.1.2.3.  The policies and procedures to prevent misuse of the authority to be employed by the requesting installation law enforcement official.
+7.1.2.4.  A copy of the proposed memorandum of understanding with the State or local jurisdiction that will carry out the deputization, to include the signature of the appropriate official representing that State or local jurisdiction.
+
+7.2.  The request will be forwarded, through the appropriate chain of command for the respective Military Department, and from the DoD Agency head in non-Military Department components, to the approval authorities listed in section 8.
+
+7.3.  The approval authorities will consider the requests and return a decision, by the most expeditious means, through the appropriate channels.
+
+## 8. Approval Authority
+
+The USD(P&R) (for all uniformed law enforcement personnel not under the authority of a Military Department) and the Secretary of a Military Department (for all uniformed law enforcement personnel under the authority of that Military Department) are the approval authorities for the use of deputized law enforcement powers from State or local governments.
+
+## 9. Summary Of Change 2.  This Administrative Change Updates:
+
+a. The title of the Under Secretary of Defense for Intelligence to the Under Secretary of Defense for Intelligence and Security in accordance with Public Law 116-92 (Reference (d)).
+
+b. Administrative changes in accordance with current standards of the Office of the Chief Management Officer of the Department of Defense.
+
+## 10. Effective Date
+
+This Instruction is effective September 28, 2007.

markdown/dod/i6000_16.md

@@ -0,0 +1,215 @@
+## Department Of Defense Instruction Usd(P&R) Subject: Military Health Support For Stability Operations References: (A) Dod Directive 5124.02, "Under Secretary Of Defense For Personnel And Readiness (Usd(P&R))," June 23, 2008
+
+
+(b) DoD Instruction 3000.05, "Stability Operations," September 16, 2009
+
+(c) DoD Directive 5136.01, "Assistant Secretary of Defense for Health Affairs
+(ASD(HA)), "June 4, 2008
+
+(d) Joint Publication 1-02, "Department of Defense Dictionary of Military and
+Associated Terms," current edition
+
+1.  PURPOSE.  This Instruction establishes policy, assigns responsibilities, and provides instructions for military health support of stability operations in accordance with the authority in Reference (a).  Military health support for stability operations is hereafter referred to as medical stability operations (MSOs).
+
+2.  APPLICABILITY.  This Instruction applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the Department of Defense (hereafter referred to collectively as the "DoD Components").
+
+3.  DEFINITIONS.  See Glossary.
+
+4.  POLICY.  It is DoD policy that:
+a.  MSOs are a core U.S. military mission that the DoD Military Health System (MHS) shall be prepared to conduct throughout all phases of conflict and across the range of military operations, including in combat and non-combat environments.  MSOs shall be given priority comparable to combat operations and be explicitly addressed and integrated across all MHS
+activities including doctrine, organization, training, education, exercises, materiel, leadership, personnel, facilities, and planning in accordance with Reference (b).
+
+b.  The MHS shall be prepared to perform any tasks assigned to establish, reconstitute, and maintain health sector capacity and capability for the indigenous population when indigenous, foreign, or U.S. civilian professionals cannot do so.
+
+c.  The MHS shall be prepared to work closely with relevant U.S. Government departments and agencies, foreign governments and security forces, global and regional international organizations (IOs), U.S. and foreign nongovernmental organizations (NGOs), and private sector individuals and for-profit companies (hereafter referred to as "Private Sector").
+
+d.  DoD health care personnel shall not practice outside their scope of privileges and their profession's scope of practice.
+
+
+e.  Personally identifiable information collected and utilized in the execution of this Instruction shall be safeguarded to the extent applicable.
+
+f.  MSOs shall be conducted with the funding available for those purposes.
+
+5.  RESPONSIBILITIES.  See Enclosure.
+
+6.  RELEASABILITY.  UNLIMITED.  This Instruction is approved for public release and is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives.
+
+7.  EFFECTIVE DATE.  This Instruction is effective immediately. Enclosures Responsibilities
+
+
+Glossary
+
+## Enclosure Responsibilities
+
+ 1.  ASSISTANT SECRETARY OF DEFENSE FOR HEALTH AFFAIRS (ASD(HA)).  The ASD(HA), pursuant to DoD Directive 5136.01 (Reference (c)), and under the authority, direction, and control of the Under Secretary of Defense for Personnel and Readiness (USD(P&R)), shall:
+a.  Develop and implement MSO policy options for the Secretary of Defense.
+
+b.  Implement a joint and combined MSO education and training program that promotes interoperability and information sharing with relevant U.S. Government departments and agencies, foreign governments and security forces, IOs, NGOs, and members of the Private Sector, in coordination with the Chairman of the Joint Chiefs of Staff.
+
+c.  Represent the Secretary of Defense on MSO policy and strategy with other U.S.
+
+Government departments and agencies, including the State Department's Coordinator for Reconstruction and Stabilization, foreign governments, IOs, NGOs, and members of the Private Sector, in coordination with the USD(P&R).
+
+d.  Identify DoD-wide MSO capabilities and gaps and recommend priorities to the Secretary of Defense.
+
+e.  Ensure that MHS research, development, and acquisition activities address MSO
+capabilities and are integrated in coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)).
+
+f.  Establish health standards of care and technical supervision over the MHS in stability operations.
+
+g.  Develop and provide opportunities for personnel from other U.S. Government departments and agencies, foreign governments, IOs, and NGOs to participate in DoD training related to MSOs and in non-DoD education and training programs relevant to health, including stability operations, security cooperation, humanitarian assistance, disaster response, irregular warfare, health diplomacy, and health sector capacity building.
+
+h.  Identify and provide opportunities for MHS personnel to contribute or develop stability operations skills by:
+
+(1)  Participating in non-DoD education and training programs relevant to MSOs.
+
+
+
+(2)  Undertaking tours of duty in other U.S. Government departments and agencies, IOs,
+and NGOs.
+
+i.  Collect and research MSO "best practices" and doctrine from existing U.S. Government agencies and public and private collaborations when developing MSO policy guidance.
+
+j.  Develop measures of effectiveness that evaluate progress in achieving the MSO goals.
+
+k.  Coordinate with the Under Secretary of Defense (Comptroller)/Chief Financial Officer
+(USD(C)/CFO) to determine and address resource requirements for planning and training and execution of MSOs.
+
+l.  Conduct analyses that generate input for health policy decisions, procedures, and standards; provide advice; and make recommendations to the USD(P&R) and the Secretary of Defense regarding MSOs.
+
+
+2.  UNDER SECRETARY OF DEFENSE FOR POLICY (USD(P)).  The USD(P) shall, in coordinating activities pursuant to Reference (b), consider the aspects and appropriateness of MSOs.
+
+3.  USD(C)/CFO.  The USD(C)/CFO shall, consistent with Reference (b), ensure the planning, programming, budgeting, and execution process that addresses resource requirements for MSOs. 4.  ASSISTANT SECRETARY OF DEFENSE FOR NETWORKS AND INFORMATION INTEGRATION/DoD CHIEF INFORMATION OFFICER (ASD(NII)/DoD CIO.  The ASD(NII)/DoD CIO shall, consistent with Reference (b), assist the ASD(HA) with implementing and standardizing information sharing using Web 2.0 technology.
+
+5.  SECRETARIES OF THE MILITARY DEPARTMENTS.  The Secretaries of the Military Departments shall:
+a.  Appoint a senior medical department officer to champion MSO initiatives.
+
+b.  Develop MSO capabilities by organizing, equipping, and training medical personnel to effectively execute MSOs.
+
+c.  Ensure that curriculums in individual and unit training programs and Service schools prepare personnel for joint, interagency, and coalition MSOs.
+
+d.  Support MSO joint concept development, experimentation, and capability development.
+
+e.  Ensure research, development, and acquisition programs address MSO capabilities and are integrated, in coordination with the USD(AT&L).
+
+
+
+f.  Support, as appropriate, interagency requests for personnel and assistance to bolster the capabilities of U.S. Government departments and agencies to prepare for and conduct MSOs as appropriate, in coordination with the USD(P).
+
+
+g.  Ensure public affairs programs effectively support MSOs.
+
+h.  Develop measures of effectiveness that evaluate progress in achieving the goals listed in paragraphs 5.b through 5.g. of this enclosure.
+
+6.  CHAIRMAN OF THE JOINT CHIEFS OF STAFF.  The Chairman of the Joint Chiefs of Staff shall:
+
+a.  Identify MSO capabilities and assess their development.
+
+b.  Develop MSO joint doctrine in consultation with relevant DoD Components, U.S.
+
+Government departments and agencies, foreign governments and security forces, IOs, NGOs, and members of the Private Sector.
+
+c.  Provide annual training guidance that addresses MSO capabilities and analyze training results.
+
+d.  Support the USD(P) and the ASD(HA) and appropriate U.S. Government departments and agencies through participation in U.S. Government and multinational stability operations planning processes.
+
+7.  COMMANDERS OF THE GEOGRAPHIC COMBATANT COMMANDS.  The Commanders of the Geographic Combatant Commands, through the Chairman of the Joint Chiefs of Staff, shall:
+
+a.  Identify MSO requirements.
+
+b.  Incorporate MSOs into campaign plans; theater security cooperation plans; military training, exercises, and planning, including intelligence campaign plans; and intelligence support plans.
+
+c.  Engage relevant U.S. Government departments and agencies, foreign governments and security forces, IOs, NGOs, and members of the Private Sector in MSO planning, training, and exercising, as appropriate, in coordination with the Chairman of the Joint Chiefs of Staff, the USD(P), and the ASD(HA).
+
+d.  Submit MSO ideas and issues to the Commander, U.S. Joint Forces Command
+(USJFCOM), for further exploration as part of the joint experimentation program.
+
+
+e.  Ensure unity of command and unity of effort for health engagement activities within their command and subordinate theater of operations.
+
+8.  COMMANDER, USJFCOM.  The Commander, USJFCOM, through the Chairman of the Joint Chiefs of Staff, shall:
+a.  Explore new MSO concepts and capabilities as part of the joint concept development and experimentation program, in coordination with the USD(P) and the Chairman of the Joint Chiefs of Staff.
+
+b.  Develop organizational and operational concepts for the military-civilian teams described in Reference (b) including their composition, staffing, and sourcing in coordination with relevant DoD Components, U.S. Government departments and agencies, foreign governments, IOs, NGOs, and members of the Private Sector.
+
+c.  Establish, design, and conduct modeling and simulations to identify innovative ideas for MSOs, in coordination with the Combatant Commanders, the Secretaries of the Military Departments, the USD(P), and the Chairman of the Joint Chiefs of Staff.
+
+d.  Support Combatant Commander MSO training and ensure forces assigned to USJFCOM
+are trained for MSOs, to include medical support of forces engaged in stability operations in remote, austere, and inhospitable environments.
+
+e.  Gather and disseminate lessons-learned from MSOs.
+
+f.  Participate in the Defense science and technology planning process to ensure MSO
+requirements are supported by Defense technology objectives and advanced concept technology demonstrations (ACTDs).  Recommend sponsors for ACTDs as appropriate.
+
+g.  Participate in the Defense operational test and evaluation planning process to ensure MSO
+requirements are supported by joint test and evaluations (JT&Es) programs.  Recommend sponsors for JT&Es as appropriate.
+
+h.  Develop joint public affairs capabilities for MSOs.
+
+## Glossary Part I.  Abbreviations And Acronyms
+
+
+ACTD
+
+
+advanced concept technology demonstration
+ASD(HA)
+
+
+Assistant Secretary of Defense for Health Affairs
+ASD(NII)/DoD CIO
+
+Assistant Secretary of Defense for Networks and Information
+
+
+Integration/DoD Chief Information Officer IO
+
+
+international organization
+
+JT&E
+
+
+joint test and evaluation MHS
+
+
+Military Health System
+MSO
+
+
+medical stability operation NGO
+
+
+nongovernmental organization USD(AT&L)
+
+
+Under Secretary of Defense for Acquisition, Technology, and
+
+
+Logistics
+USD(C)/CFO
+
+
+Under Secretary of Defense (Comptroller)/Chief Financial Officer
+USD(P)
+
+
+Under Secretary of Defense for Policy
+USD(P&R)
+
+
+Under Secretary of Defense for Personnel and Readiness
+USJFCOM
+
+
+United States Joint Forces Command
+
+## Part Ii.  Definitions
+
+ DoD MHS.  For the purposes of this Instruction, the DoD medical and dental programs, personnel, facilities, and other assets by which the Department of Defense provides health care services and support to the Military Services during military operations and health care services and support under TRICARE to members of the Military Services, their family members, and others entitled to DoD
+medical care.
+
+
+stability operations.  Defined in Joint Publication 1-02 (Reference (d)).

markdown/dod/i7050_03.md

@@ -0,0 +1,101 @@
+## Department Of Defense Instruction
+
+NUMBER 7050.03
+March 22, 2013
+Incorporating Change 1, Effective April 24, 2020
+IG DoD
+SUBJECT: Office of the Inspector General of the Department of Defense Access to Records and Information References: See Enclosure 1 1. PURPOSE.  In accordance with Title 5, United States Code Appendix (Reference (a)), and the authority in DoD Directive 5106.01 (Reference (b)), this instruction reissues DoD Instruction 7050.3 (Reference (c)) to implement statutory authority and Departmental policy, and assign responsibilities for providing expeditious access to DoD records and information required by members of the Office of the Inspector General of the Department of Defense (OIG DoD) while performing their official duties.
+
+2. APPLICABILITY.  This instruction applies to:
+a. OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, OIG DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD Components").
+
+b. Appropriated and nonappropriated fund activities.
+3. POLICY.  In accordance with References (a) and (b), it is DoD policy that:
+a. The OIG DoD must have expeditious and unrestricted access to all records as defined in DoD Instruction 5015.02 (Reference (d)), regardless of classification, medium (e.g., paper, electronic) or format (e.g., digitized images, data) and information available to or within any DoD Component, and be able to obtain copies of all records and information as required for its official use once appropriate security clearances and access are substantiated for the OIG DoD personnel involved.
+
+Lynne M. Halbrooks Principal Deputy Performing the Duties of the Inspector General of the Department of Defense
+
+b.  No officer, employee, contractor, or Service member of any DoD Component may deny the OIG DoD access to records.  Only the Secretary of Defense can deny access to certain types of records or information based on criteria listed in section 8 of Reference (a), and paragraph
+6a(1) of Reference (b). 4.  RESPONSIBILITIES.  See Enclosure 2.
+
+5.  RELEASABILITY.  **Cleared for public release**.  This instruction is available on the Directives Division Website at https://www.esd.whs.mil/DD/.
+
+6.  SUMMARY OF CHANGE 1.  The change to this issuance updates references and removes expiration language in accordance with current Chief Management Officer of the Department of Defense direction. 7.  EFFECTIVE DATE.  This instruction is effective March 22, 2013. Enclosures
+
+1.  References
+
+2.  Responsibilities Glossary
+
+## Enclosure 1 References
+
+(a)
+Title 5, United States Code Appendix, "The Inspector General Act of 1978," as amended
+(b)
+DoD Directive 5106.01, "Inspector General of the Department of Defense (IG DOD),"
+April 20, 2012, as amended
+(c)
+DoD Instruction 7050.3, "Access to Records and Information by the Inspector General,
+Department of Defense," April 24, 2000 (hereby cancelled)
+(d)
+DoD Instruction 5015.02, "DoD Records Management Program," February 24, 2015, as
+amended
+(e)
+Executive Order 13526, "Classified National Security Information," December 29, 2009
+(f)
+DoD Manual 5200.01, "DoD Information Security Program," February 24, 2012, as
+amended
+(g)
+DoD Instruction 6055.07, "Mishap Notification, Investigation, Reporting, and Record
+Keeping," June 6, 2011, as amended
+(h)
+DoD Directive 6495.01, "Sexual Assault Prevention and Response (SAPR) Program,"
+January 23, 2012, as amended
+(i)
+Chapters 29, 31, and 33 and section 3301 of Title 44, United States Code
+(j)
+DoD 5400.11-R, "Department of Defense Privacy Program," May 14, 2007
+(k)
+Office of the Chairman of the Joint Chiefs of Staff, "DoD Dictionary of Military and
+Associated Terms," current edition
+
+## Enclosure 2 Responsibilities
+
+ 1.  INSPECTOR GENERAL OF THE DEPARTMENT OF DEFENSE (IG DoD).  The IG DoD:
+a.  Ensures that the OIG DoD officials possess proper security clearance and access when requesting classified records or information in accordance with Executive Order 13526
+(Reference (e)).
+
+b.  Establishes procedures for confirming to the DoD Components the security clearances and access of OIG DoD personnel requesting access to classified records or information.
+
+
+
+c.  Ensures that when OIG DoD officials require access to DoD Special Access Program records or information, a completed program access request (DD Form 2835) is submitted to the DoD Special Access Program Central Office.
+
+d.  Establishes procedures to provide for the proper safeguarding and control of records and information obtained by the OIG DoD in compliance with applicable directives or instructions, including References (d) and (e), DoD Manual 5200.01 (volumes 1 through 4), DoD Instruction 6055.07, and DoD Directive 6495.01 (References (f) through (h), respectively), and ensures their correct implementation in order to preclude unauthorized access to classified information and to correctly apply access and distribution controls and other protective measures on all information which requires them.
+
+e.  Ensures OIG DoD officials coordinate access and life cycle management of DoD
+Component records in accordance with the National Archives and Records Administrationapproved records disposition schedules available from the DoD Component records management officers and in accordance with Reference (d) and chapters 29, 31, and 33 of Title 44, United States Code (Reference (i)).  This coordination must also include, but not be limited to, suspension actions such as record holds, freezes, moratoriums, or preservation orders related to the approved records disposition to facilitate continued access to records.
+
+f.  Ensures DoD Component objections to the release of records or information requiring action by the Secretary of Defense are submitted in writing to the Secretary of Defense no later than 15 business days from the date of receipt by the OIG DoD.
+
+g.  All records and information obtained by the OIG DoD officials must be properly disposed of or returned to the Component from which it was requested once they are no longer needed according to records management, classification, and privacy policy in accordance with DoD 5400.11-R (Reference (j)).
+
+2.  DoD COMPONENT HEADS.  The DoD Component heads establish procedures to ensure that:
+a.  Except as permitted by paragraph 2b of this enclosure, requests for access to records or information under authorized OIG DoD audit, investigation, follow-up, or oversight projects are granted immediately when submitted by an OIG DoD member deemed eligible in accordance with applicable security policy, and that such access includes obtaining copies of all records as required for official use.
+
+b.  Objections in accordance with section 8 of Reference (a), and paragraph 6a(1) of Reference (b) requiring action by the Secretary of Defense regarding the release of records or information described in paragraph 2a of this enclosure are submitted in writing to the IG DoD
+by the Component head no later than 15 business days from the date of the OIG DoD request.
+
+## Glossary Part I.  Acronyms And Abbreviations
+
+IG DoD
+Inspector General of the Department of Defense
+OIG DoD
+Office of the Inspector General of the Department of Defense
+
+## Part Ii.  Definitions
+
+Unless otherwise noted, these terms and their definitions are for the purposes of this instruction.
+
+information.  Knowledge or data not contained in records, usually communicated by means of an oral discussion or interview. life cycle.  Defined in the DoD Dictionary of Military and Associated Terms (Reference (k)). nonappropriated fund.  Defined in Reference (k).
+
+records.  Defined in Reference (d).

markdown/dod/i8531_01.md

@@ -0,0 +1,574 @@
+## Dod Instruction 8531.01 Dod Vulnerability Management
+
+
+
+Originating Component:
+Office of the DoD Chief Information Officer
+
+Effective:
+September 15, 2020
+
+Releasability:
+Cleared for public release.  Available on the Directives Division Website at https://www.esd.whs.mil/DD/.
+
+Approved by:
+Dana Deasy, DoD Chief Information Officer
+Purpose: In accordance with the authority in DoD Directive 5144.02, this issuance:
+- Establishes policy, assigns responsibilities, and provides procedures for DoD vulnerability
+management and response to vulnerabilities identified in all software, firmware, and hardware within the DoD information network (DODIN).
+- Establishes a uniform DoD Component-level cybersecurity vulnerability management program
+based on federal and DoD standards.
+- Establishes policy and assigns responsibilities for the DoD Vulnerability Disclosure Program (VDP).
+- Establishes policy, assigns responsibilities, and provides procedures for DoD's participation in the
+Vulnerabilities Equities Process (VEP), in accordance with the Vulnerabilities Equities Policy and Process for the U.S. Government (USG).
+
+## Table Of Contents
+
+ SECTION 1:  GENERAL ISSUANCE INFORMATION ........ 4
+1.1.  Applicability. ........ 4 1.2.  Policy. ........ 4
+SECTION 2:  RESPONSIBILITIES ........ 5
+2.1.  DoD Senior Information Security Officer (DoD SISO). ........ 5 2.2.  Director, Defense Information Systems Agency (DISA). ........ 5 2.3.  Under Secretary of Defense for Aquisition and Sustainment (USD(A&S)). ........ 6 2.4.  Under Secretary of Defense for Research and Engineering. ........ 7 2.5.  Under Secretary of Defense for Intelligence and Security (USD(I&S)). ........ 8 2.6.  DIRNSA/CHCSS. ........ 8
+2.7.  Director, Defense Health Agency. ........ 9
+2.8.  USD(P). ........ 9 2.9.  Under Secretary of Defense (Comptroller)/Chief Financial Officer, Department of
+Defense. ........ 10
+2.10.  DoD Component Heads. ........ 10 2.11.  Secretary of the Air Force. ........ 11 2.12.  CJCS. ........ 12 2.13.  Commander, USCYBERCOM. ........ 12
+SECTION 3:  VULNERABILITY MANAGEMENT PROCESS ........ 14
+3.1.  General. ........ 14 3.2.  Step 1: Vulnerability Identification. ........ 14
+a.  Vulnerability Scanning........ 15 b.  Penetration Testing. ........ 15 c.  Security Controls Assessment. ........ 15 d.  Historical Documentation. ........ 15 e. Coordinated VDP ........ 16 f.  VEP ........ 16
+3.3.  Step 2: Vulnerability Analysis. ........ 17
+a.  Impact Assessment. ........ 17 b.  Analysis Prioritization. ........ 17
+3.4.  Step 3: Analysis Reporting. ........ 17 3.5.  Step 4: Remediation and Mitigation. ........ 19 3.6.  Step 5: Verification and Monitoring. ........ 19
+GLOSSARY ........ 21
+G.1.  Acronyms. ........ 21 G.2.  Definitions. ........ 22
+REFERENCES ........ 24 TABLES Table 1.  CVSS Qualitative Severity Rating Scale ........ 18
+
+
+FIGURES
+Figure 1.  Vulnerability Management Process ........ 14
+
+## Section 1:  General Issuance Information 1.1.  Applicability.
+
+This issuance applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this issuance as the "DoD Components").
+
+## 1.2.  Policy.
+
+The DoD will:
+a.  Use the DoD vulnerability management process to manage and respond to vulnerabilities identified in all software, firmware, and hardware within the DODIN.
+
+b.  Ensure configuration, asset, remediation, and mitigation management supports vulnerability management within the DODIN in accordance with DoD Instruction (DoDI) 8510.01.
+
+c.  Support all systems, subsystems, and system components owned by or operated on behalf of DoD with efficient vulnerability assessment techniques, procedures, and capabilities.  In leased systems, enforcement is included in contract language to mitigate vulnerabilities consistent with DoD policies.
+
+d.  Maintain the requirements for DoD participation in the VEP and ensure DoD and OSD
+Components submit a vulnerability to the VEP that is both a newly discovered vulnerability and not publicly known vulnerability, as soon as practicable.
+
+e.  Develop and maintain a coordinated VDP.
+
+## Section 2:  Responsibilities 2.1.  Dod Senior Information Security Officer (Dod Siso).
+
+Under the authority, direction, and control of the DoD Chief Information Officer, the DoD SISO:
+
+a.  Develops policy and guidance for the management of cybersecurity vulnerabilities.
+b.  Ensures DoD Information Security Continuous Monitoring capability incorporates information from vulnerability management activities and capabilities.
+
+c.  Establishes guidance on the frequency of configuration compliance checks.
+
+d.  Specifies methodologies, metrics, and collection capabilities for DoD Components to measure the effectiveness of and compliance with DoD Component vulnerability management processes.
+
+e.  Oversees software, firmware, and hardware vulnerability management, automated patch management, and compliance auditing capabilities (e.g., DoD established technical capabilities) developed for the DoD enterprise.
+
+f.  Provides policy and guidance for the DoD Cyber Crime Center (DC3), oversees operations in accordance with the VDP and integrates critical VDP metrics into compliance reporting to provide accountability for remediation and mitigation of discovered vulnerabilities.
+
+g.  Coordinates with the National Institute of Standards and Technology (NIST) in the development of vulnerability management standards and guidelines in collaboration with the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CHCSS).
+
+h.  Provides one or more subject matter expert (SME) to support equities determinations and discussions for the VEP as needed.
+
+i.  Integrates key VDP metrics into the DoD Cybersecurity Scorecard.
+
+## 2.2.  Director, Defense Information Systems Agency (Disa).
+
+Under the authority, direction, and control of the DoD Chief Information Officer, and in addition to the responsibilities in Paragraph 2.10., the Director, DISA:
+
+a.  Maintains the Defense Asset Distribution Systems DoD Patch Repository.
+(1)  Provides access on major DoD enterprise networks to patches for DoD-approved software used by DoD systems or devices that can be automatically leveraged by automated patching services, where possible, or manually downloaded and applied, when necessary.
+
+(2)  Tests and verifies patch source and integrity to ensure the patch is valid and is not maliciously or accidentally altered.
+
+b.  Acquires and develops capabilities, standards, and integration frameworks for vulnerability management, asset management, configuration management, and remediation or mitigation management.
+
+c.  Maintains a list of available enterprise-designated automated vulnerability management capabilities approved for DoD Components' use.
+
+d.  Develops security technical implementation guides and security requirements guides for information systems, networks, and devices.
+
+e.  Establishes contracts and non-disclosure agreements or memorandums of agreement with vendors for systems, system components, and devices used across the DoD to:
+
+(1)  Facilitate the exchange of vulnerability management-related information.
+(2)  Validate and measure compliance with current DoD vulnerability managementrelated direction through an automated process.
+
+(3)  Authorize hosting and distribution of software, firmware, and patches for licensed and copyrighted products.
+
+f.  Provides operational concepts and guides for the DoD Components' use of all DISA-
+provided vulnerability management systems and capabilities.
+
+g.  Maintains the Continuous Monitoring Risk Scoring System. h.  Coordinates any DoD vulnerability management, asset management, configuration management, and remediation or mitigation management issues or concerns with Commander, United States Cyber Command (USCYBERCOM), and Joint Force Headquarters-DoD Information Network (JFHQ-DODIN).
+i.  When vendor-provided security hardening guidance is insufficient for DoD's security needs, develops cybersecurity configuration guidance pursuant to DoDI 8500.01 and Committee on National Security Systems Instruction (CNSSI) No. 1253 in collaboration with the DIRNSA/CHCSS.
+
+2.3.  UNDER SECRETARY OF DEFENSE FOR AQUISITION AND SUSTAINMENT
+(USD(A&S)).
+
+The USD(A&S):
+a.  Identifies, develops, updates, and implements policy and processes for the DoD
+acquisition contracting process for software maintenance and sustainment support to ensure:
+(1)  Consistency and coherence of vulnerability assessment across systems and their interfaces.
+
+(2)  Secure configuration and active responsiveness to vulnerability remediation and mitigation actions within DoD-approved programs throughout the life cycle of the program.
+
+(3)  Secure software development and reduction of software vulnerabilities to new and existing software by planning for near real-time software vulnerability identification and regularly scheduled patch cycles.
+
+b.  Ensures acquisition policy includes requirements for the identification, planning, and replacement of unsupported software, firmware, and hardware during a system's life cycle and the identification of developed software components (e.g., executable programs) installed on DoD devices in accordance with DoDI 5000.02T.
+
+c.  Incorporates security assurance checks into procurement and acquisition policy to reduce DoD risk associated with malign use of the product or products.
+
+d.  Provides guidance for the management of software, hardware, and firmware vulnerabilities through the Defense Federal Acquisition Regulation and any supporting Defense Federal Acquisition Regulation Supplement, and through other applicable government acquisition policies and guidelines.
+
+e.  Provides one or more SMEs to support equities determinations and discussions for the VEP as needed.
+
+## 2.4.  Under Secretary Of Defense For Research And Engineering.
+
+The Under Secretary of Defense for Research and Engineering:
+a.  Provides one or more SMEs to support equities determinations and discussions for the VEP as needed.
+
+b.  Provides oversight of the Federally Funded Research and Development Centers, National Laboratories, and University Affiliated Research Centers, to ensure they report qualified vulnerabilities to the VEP when discovered in a DoD-sponsored project, in coordination with USD(A&S).
+
+c.  Notifies the Under Secretary of Defense for Policy (USD(P)) VEP point of contact of any applicable vulnerabilities identified during cyber incident damage assessments carried out by or reported to the OSD Damage Assessment Management Office.
+
+d.  Ensures the OSD Damage Assessment Management Office provides cybersecurity vulnerability damage assessments.
+
+e.  Maintains the DoD Joint Federated Assurance Center to:
+
+(1)  Support defense system requirements.
+(2)  Ensure the security of software and hardware developed, acquired, maintained, and used by the DoD.
+
+## 2.5.  Under Secretary Of Defense For Intelligence And Security (Usd(I&S)).
+
+The USD(I&S):
+a.  Coordinates with DoD SISO on security policy and related intelligence and security matters for safeguarding information on systems and networks.
+
+b.  Provides one or more SMEs to support equities determinations and discussions for the VEP as needed.
+
+c.  Approves or denies requests for public disclosure of VDP vulnerabilities in coordination with the USD(P) and DC3.
+
+## 2.6.  Dirnsa/Chcss.
+
+Under the authority, direction, and control of the USD(I&S), and in addition to the responsibilities in Paragraph 2.10., the DIRNSA/CHCSS:
+a.  Assesses the overall security posture of all DoD systems and disseminates information on threats and vulnerabilities impacting DoD system components in coordination with USCYBERCOM.
+
+b.  Provides cybersecurity support to DoD Components to assess vulnerabilities and establish security implementation specifications and, in collaboration with DISA, develops security technical implementation guides.
+
+c.  Identifies, monitors, and analyzes vulnerabilities of software, firmware, and hardware used by DoD.
+
+d.  Serves as the VEP Executive Secretariat (ES). e.  Serves as one of four DoD representatives for the VEP to the National Security Council staff for interagency meetings, such as the Equities Review Board (ERB) as established in the Vulnerabilities Equities Policy and Process for the USG, and additional department-level activities.
+
+f.  Designates a VEP point of contact to serve both as the focal point for vulnerability submissions from National Security Agency (NSA) to the VEP and the primary contact for NSA for communication and coordination with the VEP ES.
+
+g.  Manages risk assessments, mitigation processes, and timelines for remediating vulnerabilities found in cryptographic government-off-the-shelf equipment, systems certified by NSA/Central Security Service (CSS), or vulnerabilities discovered in any cryptographic function, whether in hardware, firmware, or software approved by NSA/CSS. Submit those vulnerabilities to the VEP as applicable.
+
+## 2.7.  Director, Defense Health Agency.
+
+Under the authority, direction, and control of the Under Secretary of Defense for Personnel and Readiness, through the Assistant Secretary of Defense for Health Affairs, and in addition to the responsibilities in Paragraph 2.10., the Director, Defense Health Agency, in accordance with DoDI 6530.01:
+a.  Exercises oversight for the management of software, firmware, and hardware vulnerabilities within DoD medical systems and devices.
+
+b.  Provides additional specialized guidance, as required, for DoD medical devices in accordance with FDA-2015-D-5105 and FDA-2013-S-0610.
+
+2.8.  USD(P).
+
+The USD(P):
+a.  Ensures the development of VDP's scope and activities are consistent to improve relations with the security researcher community.
+
+b.  Ensures VDP is transparent to the public. c.  Coordinates and approves any requested changes to the VDP scope.
+d.  Approves or denies requests for public disclosure of VDP vulnerabilities in coordination with the USD(I&S) and DC3.
+
+e.  Serves as the primary DoD representative for the VEP to the National Security Council staff for interagency meetings, such as the ERB, and additional department-level activities.
+
+f.  Designates a VEP point of contact to serve as the focal point for vulnerability submissions from OSD components to the VEP and the primary OSD contact for communication and coordination with the VEP ES.
+
+g.  Appoints SMEs from DoD Components to support equities determinations and discussions for the VEP as needed.
+
+
+
+## 2.9.  Under Secretary Of Defense (Comptroller)/Chief Financial Officer, Department Of Defense.
+
+The Under Secretary of Defense (Comptroller)/Chief Financial Officer, Department of Defense:
+a.  Exercises oversight for the management of software and hardware vulnerabilities within financially-significant systems and applications.
+
+b.  Provides additional specialized guidance, as required, for financial improvement and audit readiness controls in accordance with the guidance in the Federal Information Systems Controls Audit Manual.
+
+## 2.10.  Dod Component Heads.
+
+The DoD Component heads:
+a.  Establish the DoD Vulnerability Management Process through a vulnerability management program for systems, subsystems, and system components.
+
+b.  Establish asset management, configuration management, and remediation and mitigation programs to support their vulnerability management process.
+
+c.  Designate the organizations responsible for directing and managing the vulnerability management program and coordinating with JFHQ-DODIN.
+
+d.  Coordinate all vulnerability reports and assessments with USCYBERCOM/JFHQ-DODIN
+as required.
+
+e.  Create a DoD Component-level or Service-level prioritization and scheduling plan for the deployment of patches, updates, configuration changes, hardware upgrades, or directed actions to remediate vulnerabilities.
+
+f.  Track and report mitigations and risk acceptance status to JFHQ-DODIN.
+
+g.  Request assistance, as needed, from the Joint Federated Assurance Center in the establishment of vulnerability management programs, vulnerability tracking and reporting, and the incorporation of software, firmware, and hardware vulnerability analysis capabilities.
+
+h.  Establish and provide guidance to system owners and program managers on mitigation deployment, DoD Component risk tolerance, and designated authority to accept risk.
+
+i.  Implement patches, upgrades, and other remediation or mitigation actions directed by the Commander, USCYBERCOM, through JFHQ-DODIN, and as applicable based on network/system scans.
+
+j.  Identify and provide guidance on security-relevant configurations for DoD Component software, firmware, and hardware.
+
+k.  Determine and communicate requirements for mitigations by the system owner, program manager, or other DoD Component organizations.
+
+l.  Account for all software, firmware, and hardware items used on systems, system components, and devices owned or operated on behalf of the DoD Component; maintain current inventory in DoD information technology asset management systems.
+
+m.  Ensure DoD Component conducts audits for patching, compliance, and reporting. n.  Ensure DoD Component creates and uses unique item identifiers and automated systems for software, firmware, and hardware items in accordance with DoDI 8320.03 and 8320.04.
+
+o.  Provide SMEs to support equities determinations and discussions for the VEP as needed.
+
+## 2.11.  Secretary Of The Air Force.
+
+In addition to the responsibilities in Paragraph 2.10., the Secretary of the Air Force, through the Director, DC3:
+a.  Manages the DoD's VDP public engagement efforts. b.  Functions as the single focal point for receiving vulnerability reports and interacting with researchers supporting the VDP.
+
+c.  Coordinates with JFHQ-DODIN to ensure the delivery of reports to the system's owner and helping the remediation team as quickly as possible.
+
+d.  Coordinates and gains approval from USCYBERCOM/JFHQ-DODIN before releasing requests by researchers for the public disclosure of vulnerabilities according to the policy and procedures approved by the USD(P) and Assistant to the Secretary of Defense for Public Affairs, and the USD(I&S) as appropriate.
+
+e.  Coordinates with JFHQ-DODIN to ensure vulnerabilities discovered as part of the VDP
+are considered for submission through USCYBERCOM to the VEP.
+
+f.  Operates, maintains, and provides user training for the Vulnerability Report Management Network (VRMN) platform for use by DC3, JFHQ-DODIN, and the components.
+
+g.  Serves as one of four DoD representatives for VEP to the National Security Council staff for interagency meetings, such as the ERB.
+
+h.  Designates a VEP point of contact to serve as the focal point for vulnerability submissions from DC3 to the VEP for coordination with the VEP ES.
+
+i.  Disseminates remediation and mitigation options-approved through the VEP to the Defense Industrial Base.
+
+## 2.12.  Cjcs.
+
+In addition to responsibilities in Paragraph 2.10., the CJCS:
+a.  Manages military support to the VEP and oversees the execution of USCYBERCOM's roles and responsibilities for the VEP.
+
+b.  Ensures that joint equities and the potential impact of vulnerabilities on joint operations are represented in VEP submissions to USCYBERCOM, in coordination with the Combatant Commands.
+
+c.  Coordinates internal reviews of DoD and interagency VEP submissions with the Combatant Commands and Military Departments.
+
+d.  Coordinates vulnerability submissions from the Combatant Commands to USCYBERCOM for review and submission to the VEP.
+
+## 2.13.  Commander, Uscybercom.
+
+In addition to the responsibilities in Paragraph 2.10., the Commander, USCYBERCOM:
+a.  Establishes and assigns responsibilities for managing DoD-wide vulnerabilities through JFHQ-DODIN.
+
+(1)  Establishes procedures to direct and track implementation of patches, updates, configuration changes, hardware upgrades, and other remediation or mitigation actions.
+
+(2)  Directs and prioritizes specific measures to remediate or mitigate software, firmware, and hardware vulnerabilities and threat activities, including disconnection from DODIN transport services, under assigned directive authority for cyberspace operations.
+
+(3)  Distributes or produces orders and directives to DoD Components to mitigate or prevent the risk of threats exploiting vulnerabilities.
+
+(4)  Oversees DoD Component implementation and reporting on directed vulnerability management actions.
+
+(5)  Manages operational risk for systems, subsystems, and system components operating or connected to the DODIN.
+
+(6)  Receives VDP reports from DC3 and directs actions to mitigate and remediate vulnerabilities within the VRMN platform. The VRMN is located at: https://vrmn.dc3.smil.mil.
+
+(7)  Appoints SMEs to support equities determinations and discussions for the VEP as needed.
+
+b.  Establishes an office to serve as the primary DoD focal point for receiving and processing all vulnerability submissions from DoD to the VEP in coordination with the CJCS and the USD(P).
+c.  Serves as one of four DoD representatives for VEP to the National Security Council staff for interagency meetings, such as the ERB and additional department-level activities.
+
+d.  Designates a VEP point of contact to serve as the focal point for vulnerability submissions from USCYBERCOM to the VEP ES for communication and coordination.
+
+e.  Coordinates with the CJCS and the USD(P) to review vulnerabilities and submit them to the VEP.
+
+f.  Assists DoD Components to develop, maintain, and update mitigation plans and recommend mitigation options and deployment plans for vulnerabilities submitted to the VEP.
+
+g.  Coordinates with the U.S. Computer Emergency Readiness Team (US-CERT), the CERT
+Coordination Center, and the United States Intelligence Community Security Coordination Center for cyber threat updates.
+
+h.  Shares information about vulnerabilities with the DoD US-CERT liaison in accordance with Section 3556 of Title 44, United States Code, also known and referred to in this issuance as the "Federal Information Security Modernization Act of 2014."
+i.  Coordinates with the US-CERT to identify potential remediation and mitigation actions as required.
+
+## Section 3:  Vulnerability Management Process 3.1.  General.
+
+The DoD vulnerability management process is the cyclical practice of five steps to identify, classify, remediate, and mitigate vulnerabilities.  These steps are Vulnerability Identification, Vulnerability Analysis, Analysis Reporting, Remediation and Mitigation, and Verification and Monitoring (see Figure 1).
+
+## 3.2.  Step 1: Vulnerability Identification.
+
+Vulnerability identification employs security automation capabilities to identify possible vulnerabilities in organizational assets.  These capabilities, combined with security control methodologies, provide additional means to identify vulnerabilities.  There are six prime methods for vulnerability identification:
+
+## A.  Vulnerability Scanning.
+
+Vulnerability scanning inspects probable areas of weakness in computers or networks.  The scan identifies internal network weaknesses for missing vendor patches and scans external systems for additional vulnerabilities.  The DoD Components will:
+(1)  Perform vulnerability scanning procedures using the guidelines in NIST SP 800-115
+as reference.
+
+(2)  Use the Common Vulnerability and Exposure website available at https://cve.mitre.org/about/index.html#why_cve to identify publicly known cybersecurity vulnerabilities
+
+(3)  Identify software requiring patches or updates.
+(4)  Identify unpatched vulnerabilities using automated services wherever possible and use manual processes only when necessary.
+
+(5)  Identify and maintain oversight of acquired, created, and discovered software; track software deployed on systems, subsystems, and system components.
+
+(6)  Implement scanning programs to identify gaps and deficiencies in the function and coverage of automated patching systems.
+
+## B.  Penetration Testing.
+
+Penetration testing simulates an attack on a computer or network to find vulnerabilities. The DoD Components will:
+
+(1)  Perform penetration testing considering cost and time available.
+(2)  Perform penetration testing using the guidelines in NIST SP 800-115 as reference.
+
+## C.  Security Controls Assessment.
+
+Security controls assessment tests the security controls of systems, subsystems, or system components to ensure the controls correctly identify and detect vulnerabilities. DoD procedures for security control assessment are located on the DoD Risk Management Framework Knowledge Service available at https://rmfks.osd.mil/rmf/RMFImplementation/AssessControls/Pages/DevelopPlan.aspx
+
+## D.  Historical Documentation.
+
+The DoD Components will cross-reference previous incident reports and logs with the Common Vulnerability and Exposure System, risk assessment data, and vendor bulletins to identify vulnerabilities.
+
+
+## E. Coordinated Vdp
+
+The DoD VDP maintains a coordinated vulnerability disclosure method.  Locate the purpose, overview, scope, reporting procedures, and guidelines for the program at https://hackerone.com/deptofdefense.
+
+(1)  Ethical hackers must comply with all applicable federal, state, and local laws in connection with their security research activities to participate in the DoD VDP.
+
+(2)  Information submitted to DoD through the VDP must be used for defensive purposes to mitigate or remediate vulnerabilities in DODIN systems, subsystems, or system components.
+(3)  During the VDP coordination process, the DoD Components will:
+
+(a)  Assess the severity of validated VDP vulnerabilities.
+(b)  Execute mitigation or remediation efforts.  The system owner's remediation team and the Cyber Service Component:
+
+1.  Execute the USCYBERCOM/ JFHQ-DODIN directive or orders. 2.  Validate the vulnerability. 3.  Develop, implement, and execute remediation or mitigation plans.
+4.  Contact the DoD Component chain of command (USCYBERCOM or Chief Information Officer) to request additional information from DC3 through USCYBERCOM as required.
+5.  Keep the system owner informed of actions throughout the process and completion of remediation and mitigation of the vulnerability.
+
+(c)  Advise their authorizing officials of remediation and mitigation actions. (d)  Report process through their chains of command to DC3 and USCYBERCOM
+within VRMN
+
+## F.  Vep
+
+The VEP is used by the USG to balance whether to disseminate vulnerability information to the vendor/supplier in the expectation that it will be patched, or to temporarily restrict the knowledge of the vulnerability to the USG, and potentially other partners, so that it can be used for national security and law enforcement purposes, such as intelligence collection, military operations, and/or counterintelligence.
+(1)  DoD Components will, except NSA, use existing vulnerability management processes to identify and submit vulnerabilities to USCYBERCOM for review and submission to the VEP in coordination with USD(P) or the CJCS, as applicable.
+
+(2)  NSA will submit vulnerabilities directly to the VEP.
+
+## 3.3.  Step 2: Vulnerability Analysis.
+
+Vulnerability analysis evaluates vulnerabilities through impact assessment and analysis prioritization to assign severity levels to vulnerabilities as quickly as possible.
+
+## A.  Impact Assessment.
+
+An impact assessment determines the primary historical, recent, and probable impacts connected with the vulnerability and analyzes the underlying cause of those impacts. The DoD Components will perform impact assessments to determine the likely expected loss of integrity, confidentiality, and availability if the vulnerability is not remediated or mitigated.
+
+## B.  Analysis Prioritization.
+
+Analysis prioritization manages the prioritization and urgency of different vulnerabilities to address highly critical requirements immediately.  Impact assessment results, environmental metrics, base metrics, and temporal metrics determine prioritization through the Common Vulnerability Scoring System (CVSS). DoD Components will prioritize vulnerabilities to address the most critical vulnerabilities first.
+(1)  The CVSS provides a uniform and standardized vulnerability scoring method, an open framework, and an ability to prioritize risk to analyze identified vulnerabilities against different metrics (e.g., base metrics, temporal metrics, and environmental metrics).  NIST Interagency Report 7435 contains detailed guidelines for the use of the CVSS and its applicability to federal systems.
+
+(2)  CVSS calculators compute base, temporal, or environmental scores.  The CVSSv3.1
+calculator is available at https://www.first.org/cvss/calculator/3.1
+(3)  The NIST National Vulnerability Database is a registry of all known reported vulnerabilities, which maintain a bulletin web site that includes CVSS base scores.  NIST provides these web-based bulletins in addition to XML and RSS feeds free for use.  The registry is available at http://nvd.nist.gov/nvd.cfm and http://nvd.nist.gov/download.cfm#XML.
+
+## 3.4.  Step 3: Analysis Reporting.
+
+a.  The DoD Components will draft an analysis report to display the output of the vulnerability analysis.  The analysis report must include one or more of the following:
+
+(1)  Name of the vulnerability. (2)  Date of discovery. (3)  Recommendation to correct the vulnerability.
+(4)  The CVSS score. (5)  The CVSS severity rating.
+(6)  Details of how the loss of confidentiality, integrity, or availability could affect DoD
+operations, organizational assets, or individuals (e.g., limited, serious, catastrophic, or cataclysmic effects).
+
+b.  When generating the analysis report, the DoD Components will:
+(1)  Report all vulnerabilities immediately upon discovery. (2)  Use the CVSS 3.1 Qualitative Severity Rating scheme listed in Table 1.
+(a)  Any vulnerability with a minimum CVSS score of 0.1 and 3.9 has a severity rating of (Low); there is a limited adverse effect on DoD organizational operations, organizational assets, or individuals.
+
+(b)  Any vulnerability with a minimum CVSS score of 4.0 and 6.9 has a severity rating of (Medium); there is a serious adverse effect on DoD organizational operations, organizational assets, or individuals.
+
+(c)  Any vulnerability with a minimum CVSS score of 7.0 and 8.9 has a severity rating of (High); there is a catastrophic adverse effect on DoD organizational operations, organizational assets, or individuals.
+
+(d)  Any vulnerability with a minimum CVSS score of 9.0 and 10.0 has a severity rating of (Critical); there is a cataclysmic adverse effect on DoD organizational operations, organizational assets, or individuals.
+
+| CVSS Score    | Severity Rating    |
+|---------------|--------------------|
+| 0.0           | None               |
+| 0.1-3.9       | Low                |
+| 4.0-6.9       | Medium             |
+| 7.0-8.9       | High               |
+| 9.0-10.0      | Critical           |
+
+## 3.5.  Step 4: Remediation And Mitigation.
+
+Remediation occurs when the vulnerability is eliminated or removed. Mitigation occurs when the impact of the vulnerability is decreased without reducing or eliminating the vulnerability.  To assess remediation and mitigation techniques, the DoD Components will:
+a.  Determine, on a case-by-case basis, which remediation or mitigation method is most beneficial and consider the loss of confidentiality, integrity, and availability.
+
+b.  Consider asset value, exposure factor, single loss expectancy, the annual rate of occurrence, annualized loss expectancy, and the total cost of ownership in mitigation or remediation method calculations.
+
+c.  Compute and maintain metrics (mean time to patch, average patch deployment success rate, average vulnerability exposure, and others over time), to evaluate the effectiveness of patching processes.
+
+d.  Monitor compliance, remediation, mitigation, and document deviations from established configuration procedures and settings.
+
+e.  Use standardized change management processes to implement and track configuration changes, patches, and updates to system software, firmware, and hardware.
+
+f.  Recommend configuration changes to ensure the correct application of remediation or mitigation actions.
+
+g.  Use a vulnerability scan to identify physical or virtual devices that require remediation or mitigation and correct identified gaps in automated patching systems.
+
+h.  Ensure patches are available to operators of patch deployment systems for software, firmware, and hardware not supported by enterprise systems.
+
+i.  Establish infrastructure discovery and procedures to gain logical or physical control of non-compliant devices and bring them into compliance in accordance with respective device compliance policies.
+
+j.  Destroy devices or media in accordance with CNSSI 4004.1. k.  Implement secure configurations for software, firmware, and hardware in accordance with applicable DoD security technical implementation guides, NSA/CSS security implementation and mitigation guidance, and NIST mitigation guidelines.
+
+## 3.6.  Step 5: Verification And Monitoring.
+
+DoD Components will verify the remediation or mitigation method implemented on identified vulnerabilities and perform the continuous monitoring required to limit further exploitation. This verification includes actions to:
+a.  Verify the efficiency of the remediation or mitigation method upon completion of implementation, which provides for re-establishing the baseline configuration.
+
+b.  Compare successive vulnerability scans to ensure that the vulnerability is remediated or mitigated.
+
+c.  Monitor remediated or mitigated systems, subsystems, or system components for any more codependent vulnerabilities.
+
+d.  Conduct monthly non-authenticated and authenticated vulnerability scans to obtain accurate system information for continuous monitoring of previously affected systems.
+
+e.  Store logs in a central repository or security information and event management platform.
+
+f.  Comply with the DoD Information Security Continuous Monitoring program to meet Federal Information Security Modernization Act continuous monitoring requirements.
+
+## Glossary G.1.  Acronyms.
+
+ACRONYM
+MEANING
+CHCSS CJCS CNSSI CSS CVSS
+DC3
+DIRNSA DISA DoDI DODIN DoD SISO ERB ES JFHQ-DODIN NIST NSA SME US-CERT USCYBERCOM
+USD(A&S)
+USD(I&S)
+USD(P) USG VDP VEP
+VRMN
+Chief, Central Security Service Chairman of the Joint Chiefs of Staff Committee on National Security Systems Instruction
+Central Security Service
+Common Vulnerability Scoring System
+DoD Cyber Crime Center
+Director, National Security Agency
+Defense Information Systems Agency
+DoD instruction DoD Information Network
+DoD Senior Information Security Officer Equities Review Board Executive Secretariat Joint Force Headquarters-DoD Information Network National Institute of Standards and Technology National Security Agency subject matter expert U.S. Computer Emergency Readiness Team
+United States Cyber Command
+Under Secretary of Defense for Acquisition and Sustainment Under Secretary of Defense for Intelligence and Security
+Under Secretary of Defense for Policy
+U.S. Government Vulnerability Disclosure Program Vulnerabilities Equities Process
+Vulnerability Report Management Network
+
+## G.2.  Definitions.
+
+Unless otherwise noted, these terms and their definitions are for the purpose of this issuance.
+
+TERM
+DEFINITION
+active response
+Sequence of actions performed specifically to mitigate a detected threat.
+automated patch management
+Ability to retrieve and distribute system software and configuration patches, updates, and fixes in a machine-to-machine manner to
+reduce the amount of human intervention and expedite the patch management process.
+
+The measurement of qualities intrinsic to a vulnerability.
+base metrics cataclysmic
+Above and beyond catastrophic. Causing an extensive amount of destruction, or a sudden, violent change. Causing a large amount of destruction, or a violent change.
+catastrophic
+A method of disclosure that involves a set of activities, including recognizing and involving partners, mediating, communicating, and other planning to facilitate vulnerability disclosure.
+coordinated
+vulnerability disclosure cybersecurity
+Defined in CNSSI 4009.
+device
+A unit of physical equipment or hardware that gives at least one figuring capacities inside a computer operating system. Defined in DoD Dictionary of Military and Associated Terms.
+directive authority for cyberspace
+operations environmental metrics Measurement for vulnerabilities that depend on a particular
+implementation or environment.
+
+firmware
+Defined in CNSSI 4009.
+mitigation
+Act of reducing risk by taking some other action generally outside the domain of the influenced system, which cannot be remediated. A zero-day vulnerability or new zero-day vulnerability information.
+newly discovered vulnerability
+
+patch management
+Defined in CNSSI 4009.
+TERM
+DEFINITION
+publicly known vulnerability
+A vulnerability is publicly known if the vendor is aware of its existence, and vulnerability information can be found in the public
+domain (e.g., published documentation, Internet, trade journals).
+remediation
+Actions taken to eliminate an identified risk.
+risk acceptance
+Defined in NIST SP 800-30.
+software
+Defined in CNSSI 4009.
+system
+Defined in CNSSI 4009.
+
+system component
+Defined in NIST Special Publication 800-37.
+temporal metrics
+
+Measurement of characteristics that evolve over the lifetime of vulnerability. Defined in DoDI 8320.04.
+unique item
+identifiers
+A device file that has no associated hardware.
+virtual device vulnerability
+Defined in CNSSI 4009.
+vulnerability
+management
+The practice of identification, classification, remediation, and mitigation of vulnerabilities in systems, subsystems, and system components. Previously unknown hardware, firmware, or software vulnerability.
+zero-day vulnerability
+
+
+## References
+
+Committee on National Security Systems Instruction No. 1253, "Security Categorization and
+Control Selection for National Security Systems," March 27, 2014
+Committee on National Security Systems Instruction No. 4004.1, "Destruction and Emergency
+Protection Procedures for COMSEC and Classified Material," January 10, 2008
+Committee on National Security Systems Instruction No. 4009, "Committee on National
+Security Systems (CNSS) Glossary," April 6, 2015, as amended
+DoD Directive 5144.02, "DoD Chief Information Officer (DoD CIO)," November 21, 2014, as
+amended
+DoD Directive 5505.13E, "DoD Executive Agent (EA) for the DoD Cyber Crime Center
+(DC3)," March 1, 2010, as amended
+DoD Instruction 5000.02T, "Operation of the Defense Acquisition System," January 23, 2020
+DoD Instruction 6530.01, "Defense Medical Logistics Program," August 23, 2017 DoD Instruction 8310.01, "Information Technology Standards in the DoD," July 31, 2017, as
+amended
+DoD Instruction 8320.03, "Unique Identification (UID) Standards for Supporting the DoD
+Information Enterprise," November 4, 2015, as amended
+DoD Instruction 8320.04, "Item Unique Identification (IUID) Standards for Tangible Personal
+Property," September 3, 2015, as amended
+DoD Instruction 8500.01, "Cybersecurity," March 4, 2014, as amended Food and Drug Administration, FDA-2015-D-5105, "Postmarket Management of Cybersecurity
+in Medical Devices," December 2016
+Food and Drug Administration, FDA-2013-S-0610, "Cybersecurity for Networked Medical
+Devices Containing Off-the-Shelf (OTS) Software," January 2005
+National Institute of Standards and Technology Interagency Report 7435, "The Common
+Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems," August 2007
+National Institute of Standards and Technology Special Publication 800-30, "Revision 1, "Guide
+for Conducting Risk Assessments," September 2012
+National Institute of Standards and Technology Special Publication 800-37, "Revision 2, "Risk
+Management Framework for Information Systems and Organizations," December 2018
+National Institute of Standards and Technology Special Publication 800-115, "Technical Guide
+to Information Security Testing and Assessment," December 2018
+Office of the Chairman of the Joint Chiefs of Staff, "DoD Dictionary of Military and Associated
+Terms," current edition
+The White House, Office of the Press Secretary, "Vulnerabilities Equities Policy and Process for
+the United States Government," November 15, 2017
+United States Code, Title 44