2009 FSO Conference. Welcome Psychology of a Spy Ron Olive.
-
Upload
cory-palmer -
Category
Documents
-
view
214 -
download
0
Transcript of 2009 FSO Conference. Welcome Psychology of a Spy Ron Olive.
2009 FSO Conference
Welcome
Psychology of a SpyRon Olive
Break
Non-Possessing Facility Reviews Gary Jantz
Non-Possessing Reviews (NPR) Content
• Security Agreements
• Facility Data Approval Records (FDARs)
• Contract Security Classification Specification (CSCS) forms
• Central Personnel Clearance Index (CPCI)
• Security Briefings
NPR Conduct
• Scheduling
• How– E-mail
– Telephone
– Snail Mail
NPR Results
• Written report
• Safeguards and Security Information Management System (SSIMS)
• Distribution
Facility Clearance Program
Facility Clearance
What is it?
Administrative determination by the DOE/NNSA that a company is authorized to have access to classified information in performance of work on a classified contract at a DOE/NNSA and/or other approved site.
Facility Clearance
Also referred to as:
- Company Clearance
- Contractor Company Clearance
No Facility Clearance = No Classified Contract = No Personnel Security Access Authorizations
FSO Responsibilities
All topics in this presentation are the
responsibility of the FSO
Today’s Topics
• Initial facility clearance processing
• Maintaining a facility clearance
• Terminating a facility clearance
• Potential pitfalls
• Additional considerations
Possessing Facility vs. Non-Possessing Facility
• Possessing Facility: A contractor company that stores classified matter at its facility (reflected in Box 10b of the CSCS form)
• Non-Possessing Facility: A contractor company that may access classified matter at DOE or other approved possessing facilities, but is not authorized to store classified matter at its facility.
Initial Facility Clearance – Required Elements –
Majority of elements are processed concurrently:• Classified contract with CSCS form• Favorable Foreign Ownership, Control, or
Influence (FOCI) determination • Key Management Personnel (KMP) access
authorizations (i.e., clearances) and exclusions
• FSO designation and training
• Security plan
• Initial survey (possessors only)
• Approved FDAR
Initial Facility Clearance– Required Elements –
Continued
1 Classified
Contract/Solicitation1
Awarded to Individual/Sole Proprietor3 or
Company4
Begin FCL Process
SDR/SCR complete CSCS Form (driver to acquire facility
clearance)
Will contract include sub
contracts2 to carry out scope of
work?****
Will individual have employees in
performance of contract?
StopSNL line org. and Consultant begin Execution of ISP
FCL Team validates ISP
Company possesses active
Facility Clearance?
Use current registered DOE
facility code
Apply for DOD Reciprocity to acquire DOE
facility clearance code
Company
Individual
NO
FCL Team sends to Clearance
Office for processing
1 Contract/Solicitation: An exchange of promises between two or more parties to do, or refrain from doing, an act which is enforceable in a court of law. It is a binding legal agreement.2 Sub Contract: A contract that is placed under a prime contract to support the scope of work in the prime.3 Sole Proprietor: Represent only themselves, not a company and has no registration of business in the U.S. 4 Company: Organized under the laws of the U.S. as a separate entity and registered with a tax ID; allows for the hiring of employees.
YES
2 Company completes:
· e-FOCI
· 4 FSO training
· FSO designation. Letter
· 5 Security Plan
(possessing & non-poss.)
FCL team reviews and submits to
NASC
3 NASC determines KMP
FCL team begin processing of KMP clearances
6 Initial survey
with satisfactory results
(possessing facilities)
7 FCL is registered in DOE SSIMS
database via an FDAR
Classified contract can be awarded
YES
YES
YES
NO
NO
FDAR/CSCS received from NASC, distribution
to line.
NASC renders favorable FOCI determination
FSA Updated
****Process not currently defined.
YES
Individual access authorizations can be processed
Stop
Stop
Process for Obtaining a Facility Clearance
CSCS Form – 1st Required Element –
• The CSCS form is referenced in contract security clauses, defining the security requirements of each contract. It shows the level and category of classified work/access required, classification guidance, place of performance, etc.– When a contract requires access authorization (i.e.,
classified contract), the Sandia Delegated Representative (SDR)/Sandia Contracting Representative (SCR) must complete a CSCS form and submit it to the Facility Clearance Team.
– The completed CSCS form drives the initiation of the facility clearance.
Reciprocity
• When does reciprocity apply?– If the contractor company already has an
active Facility Clearance at another DOE/NNSA site (e.g., LANL, LLNL).
– If the contractor company already has an active facility clearance with DoD (e.g., DSS).
• If already cleared, the Facility Clearance Program only requires a CSCS form.
Favorable FOCI Determination – 2nd Required Element –
• An invitation e-mail is sent to the company to request an e-FOCI account.
• The FOCI submission is reviewed and—when the package is complete, including signed hard copies—it is sent to DOE/NNSA for determination.
• Additional information may be requested from SNL and/or DOE/NNSA.
• DOE/NNSA renders FOCI determination.
Question
What happens if FOCI exceeds thresholds?
The request for Facility Clearance is sent to DOE for determination.
The company will work directly with DOE to mitigate the FOCI, if possible.
KMP Access Authorizations – 3rd Required Element –
• DOE/NNSA designates KMP (including the FSO) who require access authorizations.
• The FSO works with the SDR to complete access authorization request forms.
• KMP must be in process for access authorizations before the Facility Clearance can be granted.
• KMP must be cleared at the same level as the Facility Clearance (i.e., level of highest contract).
• Excluded KMP– Certain KMP may be excluded from access to
classified information and therefore do not require an access authorization
– A Resolution for Exclusion is executed for these KMP by the board of directors or a similar body
KMP Access Authorizations – 3rd Required Element –
Continued
E-FOCI package submitted by SNL
FOCI Office to DOE FOCI Office
SNL Requestor forwards signed forms to FOCI
Office
DOE FOCI Office notifies SNL of KMP needing
clearances
SNL FOCI Office sends email with badge request
forms to company FSO, Requestor,
and Buyer
FSO completes the company’s
portion of the form and forwards to
Requestor
Clearance Office sends eQIP package instructions to KMP
KMP completes drug test and results
forwarded to Personnel Clearance Office
Clearance Office notifies FSO to send in KMP for drug test
SNL FOCI Office forwards forms to
Personnel Clearance Office
Clearance Office reviews e-Quip
package for accuracy
KMP completes eQIP package and forwards to
Clearance Office within 30 days
DOE Security Division enters applicant into Central Personnel
Clearance Index (CPCI)
Clearance Office forwards eQIP
DOE FOCI Team werifies applicant
in CPCI
Package Complete?
Clearance Office returns eQIP
package back to KMP for correction
Key Management Personnel Workflow Chart
YES
NO
FSO Designation – 4th Required Element –
• FSO Appointment Letter is required.
• FSO must successfully complete FSO training.
• Revised FSO Training is being developed for non-possessing facilities—deployment TBD.
Security Plan – 5th Required Element –
• Security Plans are currently required for Possessing Facilities.
• Security Plans will soon be required for Non-Possessing Facilities (TBD):– Template is in development and will be
added to the Annual FOCI Certification requirements
Initial Survey – 6th Required Element –
• Possessors – Satisfactory Initial Survey required before granting Facility Clearance – Survey performed by Sandia Site Office
(SSO)
• Non-possessors – Initial Survey not required.– Reviews are required every 5 years
FDAR – 7th Required Element –
• The FDAR documents the registration of a company’s Facility Clearance.– FDARs are registered in the DOE Safeguards
& Security Information Management System (SSIMS) database.
• SSIMS is the equivalent to the DoD Industrial Security Facilities Database (ISFD).
All Required Elements Met – Now What? –
• FSO/SDR/SCR is notified that the Facility Clearance has been granted
• Classified contract is awarded• Employee access authorizations are
requested/granted• Classified work begins• FSO receives:
– Notification of favorable FOCI determination – Keep for your records
– Copy of FDAR for review– Copy of CSCS for review
FDAR Form – What to Look for –
• Verify information on FDAR form is correct, particularly in blocks:– 5a, 5b - Facility Legal Name and any “Doing Business As” (DBA)
name– 9 - Location– 13, 17 - Classified Mail Channel/Shipping, if appropriate– 16 - Appropriate Clearance Levels– 18 - Storage Capability of your Facility– 21 - FSO Contact Information
• Provide copies of FDAR forms to auditors upon request.
• Verify information on CSCS form is correct, particularly in blocks:– 4b/c - Verify the contract number and end date– 6 - General Statement of work identified – 7 - Name and address– 9b (DOE) and 9b (Non-DOE) - Actual place of performance of
contract– 10 - Clearance and storage (level and category).
Note: 10b indicates storage level at the contractor facility. If a category/level (other than “U”) is in this block, SNL- or DOE-owned classified information or matter is stored at the contractor’s facility.
– 12 - Classified matter location
• Provide copies of CSCS forms to auditors upon request
CSCS Form – What to Look for –
Maintaining a Facility Clearance
• Annual FOCI certification
• 5-Year FOCI recertification
• Significant FOCI changes
• Contract extensions
• Changes to CSCS form
• Changes to FDAR
• Non-possessing facility reviews
Annual FOCI Certification
• A reminder notice is sent to the company to complete the Annual FOCI Certification through e-FOCI
• Review FDAR and CSCS forms provided to you for accuracy (new process)
• Verification of all information on an SF 328, Certificate Pertaining to Foreign Interests
• Report changes and provide documentation, such as:– Changes in KMP (needs new KMP list)– Changed financial conditions– Changes to company name and/or address– Changes that affect FOCI status
Annual FOCI Certification
• Mail original forms that require signature to the SNL Facility Clearance Team.
• Non-possessing facility security plans will be requested in future Annual Certification reminder e-mails.
• The Facility Clearance Team will send an e-mail to the FSO upon receipt of favorable DOE/NNSA determination.
Continued
5-Yr FOCI Recertification
• A reminder notice is sent to the company to complete the 5-Year FOCI Recertification through e-FOCI.
• Review FDAR and CSCS forms provided to you for accuracy.
• A separate Annual FOCI Certification is not required when 5-Yr Recertification is due.
• The full FOCI package must be submitted including all documents that were provided in the initial package.– A new KMP list is required.– Resolutions for Exclusion must be re-executed.
5-Yr FOCI Recertification
• Mail original forms that require signature to the SNL Facility Clearance Team.
• A non-possessing facility security plan will be requested in future 5-Year Recertification reminder e-mails.
• You will be notified if and when your company’s Facility Clearance has been re-approved. When approved, you should receive:– Notification of favorable FOCI determination (Keep
for your records)– Copy of FDAR for review– Copy of CSCS for review
Significant FOCI Changes
• Significant Changes are those that could affect your Facility Clearance.– Changes in KMP (including FSO)– Mergers/buyouts (VERY IMPORTANT)– Company name and address change– Changed financial conditions (increased foreign
indebtedness/revenue, bankruptcy)– Other changes that affect FOCI
• Report as soon as possible via e-FOCI when changes are known, if between Annual and 5-Year cycle.– If you are unsure, call us.
• Stay informed – Talk to your management about significant changes that may be on the horizon.
Contracts
• Subsequent new contracts– New CSCS form generated
• Contract extensions– Initiated by the SCR– Updated CSCS form generated and
distributed to SCR/SDR/FSO.
In both instances, review the CSCS form for accuracy and notify the Facility Clearance Team of any discrepancies.
Terminating a Security Activity vs. Terminating a Facility
Clearance
Termination of Security Activity
• Termination of a security activity only terminates the classified work on the contract. This occurs when the company/facility has other classified contracts (CSCS forms) tied to it.– Certificate of Non-Possession for that contract– Terminating CSCS form for that contract– Termination of access authorizations associated with
that contract. Note: Access authorizations may be transferred to another active contract if personnel will be working on new contract.Note: Unclassified work may continue even if the classified portion of the contract is terminated.
Termination of Facility Clearance
• Termination of the Facility Clearance occurs when there are no longer any classified contracts (security activities) tied to the company/facility.– Certificate of Non-Possession – Terminating CSCS form– Termination of access authorizations
Note: Unclassified work may continue even if the classified portion of the contract is terminated.
Certificate of Non-Possession
• A “Certificate of Non-Possession” or “Closeout Certificate” will be e-mailed to the FSO once a contract has terminated or classified portion of work has ended. This form MUST be filled out by the FSO and returned to the Facility Clearance Office within 48 hours.
Note: If the Closeout Certificate reflects “LAST SNL INTEREST,” the certificate indicates that this is the last remaining contract with SNL. If no other contracts with DOE/NNSA exist, the company’s facility clearance (FOCI) will terminate. If other classified contracts with DOE/NNSA exist, responsibility for facility clearance will be transferred from SNL to the appropriate site (e.g., LANL).
Potential Pitfalls
Potential Pitfalls Could Affect Facility Clearance
• Potential Pitfalls:– Unreported changes in FOCI information– FOCI issues– Failure to comply with Personnel Security requests– KMP not cleared– Failure to submit Annual Certification and 5-Year FOCI
recertifications– Mergers/buyouts
• Result – Suspension of Facility Clearance– Contract and badge extensions on a case-by-case basis– No new classified contracts or access authorizations
• Potential Result – Termination of Facility Clearance– All classified work stops on all classified contracts– All access authorizations terminated
Additional Considerations
Additional Considerations
• Company’s legal name vs. DBA name
• Multiple facility organization– Home office vs. branch office
• Tier parents
• Subcontractors
Company Name
• Legal name as recorded on company’s business registration paperwork
• DBA names added separately
• These names are recorded on the FDAR
Multiple Facility Organizations
• Home office submits FOCI information for favorable determination and facility clearance. This clearance flows down to the branch office.
• Branch office submits its own KMP list (Manager and FSO).
• Branch office is assigned its own facility code.
Multiple Facility Organizations
Tier Parent Organizations
• Parent companies must submit FOCI information for a favorable determination
• Exclusions determined by DOE
• Subsidiary submits its own FOCI information for its own facility clearance
Tier Parent Organizations
Subcontractors
• Security requirements must flow down to subcontracting companies that will perform classified work under the contract.
• Each subcontracting company is required to have its own Facility Clearance.
• A CSCS form is created for each subcontract• Access authorizations and badges must be
requested under the appropriate subcontracting company.
Contacts
New Mexico• Organization: 4234-3• Mail stop: MS-1493• E-mails: [email protected], [email protected]• Facility Clearance Team:
– Team Lead: Paulette Solis, 505-844-5378– Vanessa Blythe, 505-284-8901– Kelly Borns, 505-284-4588 – Linda Schardt, 505-284-2013
California• Organization: 8511-1• Mail stop: MS-9113• E-mail: [email protected]
– Meaghan Shay, 925-294-2243
Lunch
Corporate InvestigationsChris Padilla
CorporateInvestigations
Corporate Investigations
Agenda
• Waste, Fraud, and Abuse
• Workplace Violence
• Property Losses
• DOE Reporting Requirements
Corporate Investigations
Waste, Fraud, and Abuse
Investigative Process
• Reporting incidents– Cyber Security– Travel and Treasury– Ethics, Security Incident Management
Program (SIMP), Equal Employment Opportunity (EEO), Counterintelligence (CI), and Human Resources Business Partners (HRBPs)
– DOE Inspector General (IG) or Site Office
Investigative Process
• Investigation– Preliminary investigation– Gather evidence– Contact SCR/Manager– Conduct interviews (audio recorded)– Findings– Close out with SCR/Manager– Corrective Action when necessary
Examples of Waste, Fraud, and Abuse
Violation Example
WasteIndividual orders 500 replacement parts for a piece of equipment that will never be used in order to spend year-end funds
Fraud Individual takes a Sandia computer home and gives the computer to a relative for their personal use
Abuse Individual uses a government vehicle to move their household items
Fraud
Individual uses their SNL Procurement card to purchase office supplies and computer equipment for their landscaping business and disguises the purchase as a Sandia business-related expense
Fraud Employee records extra time on his or her timesheet that was not worked
Corporate Investigations FY09
• Cases– Accessing pornographic websites– Inappropriate e-mails– Voucher irregularities by contractors– Timecard fraud/mischarging– Running a personal business on government
computers– Theft– Using government equipment for personal projects
Inquiries Cases
0
5
10
15
20
25
30
35
40
45
50
FY05 FY07 FY09
TOTAL (40)
ABQ (39)
CA (1)
0
5
10
15
20
25
FY05 FY07 FY09
TOTAL (25)
ABQ (25)
CA (0)
Corporate Investigations FY09
10
5
2
8
3 10
Web/ E-mail Abuse(10)
Time Card Fraud (5)
Theft (2)
Abuse of Govt.Property (8)
Fraud (3)
Other (10)8
2
2
4
25
2
Web/ E-mail Abuse(8)
Time Card Fraud (2)
Theft (2)
Abuse of Govt.Property (4)
Fraud (2)
Other (5)
Policy Violations (2)
Inquiries (40) Cases (25)
Corporate Investigations FY09
Corporate InvestigationsDisciplinary Actions FY09 Actions FY09
0
1
2
3
4
5
6
7
8
2006 2007 2008 2009
Terminations/ Sandia (0)
Terminations/Contractor (1)
Resignation in Lieu (1)
Suspension (5)
Written and VerbalReprimand (8)
Retired DuringInvestigation (0)
No Action (4)
Discipline Pending (2)
Corporate Investigations
Workplace Violence
Workplace Violence Program FY09
0
5
10
15
20
25
30
35
FY05 FY07 FY09
Total (4)
ABQ (4)
CA (0)
Inquiries
0
1
2
3
4
5
6
FY05 FY07 FY09
Total (2)
ABQ (2)
CA (0)
Cases
Corporate Investigations
Property Losses
Theft of Property
Any theft of Sandia or U.S. Government property must be reported immediately upon determination to SNL Corporate Investigators (505-845-9900). (See webpage for Property Report Form.)
All property that is considered stolen, lost, or missing must be reported regardless of value and regardless of whether it is considered controlled or uncontrolled property.
Corporate Investigations
DOE Reporting Requirements
Who Must Report
Any individual who:– Possesses a DOE security clearance– Is in the process of obtaining a DOE security
clearance– Is in the process of having a DOE security
clearance reinstated
What and When to Report
• Refer to the Corporate Investigations’ website or the Matrix Pamphlet for guidance.
• Derogatory information reporting is required by DOE M 470.4-5, Personnel Security; CG100.4.8, Conduct Corporate Investigations; and ISS100.3.1, Report Personnel Security Information; Security Incidents; and Waste, Fraud, and Abuse.
• The timeframes for reporting range from immediately to 2 working days.
• Derogatory information is reviewed by DOE Personnel Security, and an interview with DOE to discuss the derogatory information may be required.
• Providing false information and delays in responding to DOE Personnel Security for information requests may result in a suspension or termination of an individual’s DOE security clearance.
DOE Personnel Security
• DOE conducts background investigations for those individuals who are in process of obtaining a DOE security clearance.
• DOE conducts re-investigations for those individuals who hold a DOE security clearance.
• Identity thieves could use your identity when they:– Accrue debt.– Are arrested and charged with violations of law.
• DOE background checks include record reviews for credit, debt, and criminal history, in addition to other checks.
Reporting identity theft to DOE is not required, but is a good idea:
Identity Theft
Contacts
Corporate Investigations
New Mexico• Chris Padilla, 505-284-3125 • Pat O’Neill, 505-844-4377• Mark Ludwig, 505-284-6411
California• Mike Dollar, 925-294-2531
Remember
Security Depends on All of Us!
Random Drug TestingRenee Wood
Drug Testing Results
• 9 months of random drug testing – 3,300 screened– 0 positive results of Sandia employees– 1 confirmed contractor, who was removed
from the SNL contract
Statistically?
• Below U.S. average of approximately 5%
• Below Sandia’s initial estimates of having over 100 people testing positive by now
• Members of the Workforce predicted a 0 to 1% rate of illegal drug use
Screening Center Moved
• SNL/NM’s Medical Clinic (Bldg. 831)
SNL/NM Screening Center
• Why was it located off base?– To acquire an understanding of just how
disruptive screening would be
• Why was it moved back on base?– Transportation issue for those working on base– Sense of security for administrators– Central check-in location
Common Complaints
• Rights being violated
• Individuals feel as if they can’t be trusted
• Waste of taxpayers money
• Work is being interrupted
• Called multiple times due to pure random nature
Staff’s #1 Problem
• Misperceptions of individuals selected for screening
Common Myths
• Testing positive is the screener’s fault
• Once I’m selected, I won’t be selected again until next year
• There are good reasons not to report
• They are only screening for illegal drugs
Personnel Security Clearance Office
Delvin Wood
Objectives
FSO Responsibilities DOE Access Authorization
• Definition/Information• Types• Classification Levels, Categories, and Access Authorization Matrix• Initiatives
DOE Requirements • DOE Drug Testing• Contractor Pre-Processing Investigations• Electronic Fingerprinting• Personal Identify Verification Sponsorship• Reinvestigations• Access Authorization Terminations
RemindersPersonnel Security Clearance Office Resources
FSO Responsibilities
• Comply with Personnel Security requirements.• Receive, review for completeness, and submit access
authorization paperwork to Personnel Security Clearance Office.
• Ensure access authorization paperwork is submitted in the requested time period to the Personnel Security Clearance Office.
• Maintain necessary access authorization records for personnel.
• Team with the Personnel Security Clearance Office to ensure processes are followed accurately.
• Requested when the duties of the current position/job requires access to classified information or matter, or SNM.
• Applicants are subjected to Federal background investigations and must meet eligibility requirements for access to classified information or matter, or SNM.
An access authorization is an administrative determination that an individual is eligible for access to classified information or matter, or Special Nuclear Material (SNM) on a need-to-know basis.
DOE Access Authorization
• An individual’s active access authorization must not be used as a determining factor for hiring, entering into a consultant agreement, or awarding a subcontract.
• Unless otherwise stipulated, the contractor will not be required to reimburse Sandia for Sandia costs associated with processing the contractor’s applicants or employees for access authorizations.
DOE Access Authorization
Continued
An access authorization must not be requested or continued to:
• Allow the dissemination of classified information or matter on other than a need-to-know basis.
• Avoid the use of access controls or physical barriers to distinguish perimeters among security areas or between security areas and open areas.
• Determine an individual’s suitability for employment.• Alleviate responsibilities for properly protecting or
disseminating classified information.• Establish a pool of cleared employees.• Accommodate an individual’s personal convenience,
gain, or advantage.• Anticipate unspecified classified work.
DOE Access Authorization
DOE Access Authorization Types
DOE access authorization types are designated as Q or L for access to different categories and levels of classified information or matter, or categories of SNM.
The type of access authorization requested must correlate with:
• The category (e.g., Restricted Data) and level (e.g., Secret) of classified information or matter, or
• Category of SNM to which the individual requires access in order to conduct current duties of a position.
QQ QQ QQ
QQ LL LL
LL LL LL
Access Access AuthorizationsAuthorizations
National National Security Security
Information Information (NSI)(NSI)
Formerly Formerly Restricted Restricted
Data Data (FRD)(FRD)
Restricted Restricted Data Data
(RD)(RD)
Top SecretTop Secret(TS)(TS)
Secret Secret (S)(S)
Confidential Confidential (C)(C)
Left to RightLeft to RightHighest Category to Lowest CategoryHighest Category to Lowest Category
To
p t
o B
ott
om
To
p t
o B
ott
om
Hig
he
st
Le
ve
l to
Lo
we
st
Le
ve
lH
igh
es
t L
ev
el
to L
ow
es
t L
ev
el
Classification Levels, Categories, and Access Authorization Matrix
DOE Access Authorization Initiatives
Sandia is adhering to a government-wide initiative to reduce the level and number of access authorizations to ensure that only individuals with a valid, continuing need for access to classified information or matter, or SNM are submitted for DOE access authorizations.
Personnel Security Clearance Office Initiatives:• Communicate to the line how to request/justify the appropriate
access authorization for their SNL job/position.• Review all requests for access authorizations.• Require access authorization requests and recertifications to
be based on an individual’s current assigned position and activities that require access to classified information or matter, or SNM.
DOE Access Authorization Justification Example
Unacceptable justification:“An access authorization is required to perform contractual duties,” or “An access authorization is required in support of Contract Number 123.”
Acceptable justification: “Mr./Ms._________ is a computer systems engineer with ABC, Inc. involved in systems analysis in support of XE-50. The duties of the position will require access to plans and operations concerning the Tritium Recovery Facility for the MHGTR, which are classified as Secret Restricted Data.”
DOE Drug Testing
All individual who requires a DOE access authorization and all individuals in positions who currently hold DOE access authorizations are considered to be in Testing Designated Positions, which means they are subject to applicant, random, and for-cause drug testing.
Applicant Drug Testing Notification distributed for:• Initial access authorization request• Reinstate access authorization request• Reciprocal/Re-approval access authorization request
Contractor Pre-Processing Investigation
When an initial access authorization or reinstatement of an access authorization is required, the contractor must conduct the following checks, as appropriate, to establish the individual’s job qualifications and suitability before submitting the access authorization request:
• A credit check• Verification of a high school degree or diploma, or
a degree or diploma granted by an institution of higher learning
• Contacts with listed references
• Contacts with listed employers for the past 3 years (excluding employment of less than 60 working days duration, part-time employment, and craft/union employment)
• Local law enforcement checks when such checks are not prohibited by state or local law, statute, or regulation, and when the individual has resided in the jurisdiction where the contractor is located
Contractor Pre-Processing Investigation
Continued
The cost associated with conducting a Contractor Pre-Processing Investigation is basic overhead cost of doing business on government contracts. Thus, Sandia cannot bear the cost of background screenings as a direct cost or line item under any type of contract.
The contractor must provide verification of checks to the Personnel Security Clearance Office via an SF 2730-PIV, Personal Identity Verification Sponsorship Information Form.
Contractor Pre-Processing Investigation
Electronic Fingerprinting
Fingerprints are required as part of the clearance request process and are used to conduct an FBI National Criminal History Check.
Electronic fingerprints are required for: Initial clearance request Clearance reinstatement request Reciprocal clearance request
An SF 2730-PIV, Personal Identify Verification Sponsorship Form, is required to initiate the electronic fingerprint process. The clearance applicant must complete this form.
Actual electronic fingerprinting enrollment process.
Electronic Fingerprinting
The Electronic Fingerprint Enrollment Process must be completed by the clearance applicant upon e-mail notification. Detailed instructions are available on the FSO Toolcart Website.
Personal Identity Verification (PIV) Sponsorship
PIV Sponsorship is required as part of the process for requesting an HSPD-12 Federal Credential for an individual requesting a clearance.
PIV Sponsorship is required for: Distribution of an HSPD-12 Federal Credential Initial clearance request Clearance reinstatement request Reciprocal clearance request
A SF 2730-PIV, Personal Identify Verification Sponsorship Form, is required to initiate the PIV process. Clearance applicant must complete this form.
Personal Identity Verification (PIV) Sponsorship
Detailed instructions for the HSPD-12/PIV Enrollment Process is available on the FSO Toolcart Website.
Reinvestigations
Purpose:Reinvestigations ensure an individual with an access authorization is periodically re-evaluated to determine their continued need for an access authorization and reinvestigated to determine his/her continued eligibility.
The type of re-investigation conducted is determined by the type of access authorization held by the individual and the recertification by the SNL manager of the individual’s continued need for access.
– DOE Q = 5 year interval– DOE L = 10 year interval
Access Authorization Termination
DOE requires the SNL Personnel Security Clearance Office to terminate an individuals access authorization by submitting a DOE F 5631.29, Security Termination Statement, within 2 days of the termination date or when it is known that the access authorization is no longer needed.
Access Authorization Termination
A DOE F 5631.29, Security Termination Statement, form is completed by the Member of the Workforce and manager when any of the following occur:
• Employment is terminated.• An access authorization is no longer required.• The individual is on a leave of absence or on
extended leave and will not require access to classified information or matter, or SNM, for 90 consecutive working days or more.
Access Authorization Termination
• Access to classified information or matter, or SNM, is no longer required due to transfer to a position not requiring such access.
• The individual leaves for foreign travel, employment, assignment, education, or residence of more than 3 months duration, not involving official U.S. Government business. This requirement applies even if the individual remains employed by the contractor.
Continued
Reminders
• Ensure that the relationship for the contractor has been input into Enterprise Person, all applicable forms have been signed by the SNL Manager, and that the individual is on a current contract prior to submittal for processing.
• Notify the Clearance and Facility Clearance offices when there is a change of SDR or SCR.
• Clearance extensions are required when an individual will be performing work under more than one contract. An individual may not use their clearance for contract A to perform work for contract B.
• The FSO’s e-mail address may not be used for a clearance applicant completing an SF-2730 PIV. The clearance applicant must complete the form and provide their work or personal e-mail address.
Personnel Security Clearance Office Contacts
SNL/NMAngela ChavezClearance Processing Specialist
505-844-1975
SNL/NM
Joanne Trujillo
Clearance Office
Team Lead
505-284-2554
SNL/CA
Theresa Price
Visitor Control Office
Team Lead
925-294-3043
SNL/CA
Carol James
Clearance Processing Specialist
925-294-2061
NM Personnel Security
Information Line
505-284-3103, Option 2
NM Clearance
e-mail address
clearance-nm@
sandia.gov
Contractor Toolcart
Website
http://www.sandia.gov/fso
Break
Personnel SecurityBadge Office
Lisa Kaneshiro
Badge Overview
• HSPD-12 federal credential
• Local Site-Specific Only (LSSO) badges
• Badge responsibilities
• Consequences regarding lost, stolen, and forgotten badges
• Badge Office staff
• Contact information
• Questions
HSPD-12 Federal Credential
• As of April 23, 2009, SNL Personnel Security has completed sponsoring all of our cleared employees, contractors, and consultants.
• It is very important that you schedule your appointment to begin the enrollment process within a week of your sponsorship notification.
HSPD-12 Federal Credential
• All individuals were notified via e-mail when they were sponsored for the new federal credential.
• A valid e-mail address is required to complete the HSPD-12 badge issuance process.
• If you have any employees who do not have valid e-mail addresses, please provide current e-mail addresses their full names and dates of birth. – Submit the information to
Continued
HSPD-12 Federal Credential
• Upon receipt of the requested information, the Personnel Security Department will update the DOE GSA system and resend the initial sponsor notification.
Continued
HSPD-12 Federal Credential
• When you are ready to begin the enrollment process the following websites contain step-by-step instructions on how to complete the process.
http://www.sandia.gov/FSO/hspd12_instructions.htm - external
http://www-irn.sandia.gov/security/program/badgeoffice/hspd12/index.html - internal
• All questions may be referred to [email protected].
Continued
HSPD-12 Federal Credential
• All individuals will be notified via e-mail when their federal credentials have arrived at the Badge Office. After receiving notification they will complete the following:
– Have their federal credential enrolled into Sandia’s physical access system and surrender their old Standard DOE Badge.
– Activate their federal credential into the federal system.
Continued
NEW Federal Credential
• All credentials will have start and end dates.– Contractor badges are encoded with an end
date that corresponds to the contract expiration date.
• The credential may be used at other federal sites.
• Replacement of a federal credential will cost Sandia a minimum of $50.00 and will take 2 to 4 weeks.
NEW Federal Credential
• Only DOE agency individuals will have an indication of clearance level on their credential, in the form of a “Q” or “L” printed on the face of the credential.– This includes all employees, consultants, and subcontractors of
the DOE contractor-operated sites, such as Sandia.
Clearance Level Indicator
Red stripe at bottom indicates “first responder”
Continued
NEW Federal Credential
• New policies are being evaluated by DOEand Sandia as to whether “vouching”will still be allowed.
• Additional guidance will be necessary to verifyclearance levels at meetings.
• Until all individuals receive their federal credentials, Sandia will be in an especially vulnerable period because of possible confusion due to the different color-coding system of the Federal Credential.
LSSO Badges
• In the near future, the current DOE standard badge will no longer be recognized at SNL or any other DOE sites.
U. S. Department of EnergyAlbuquerque Operations Office
CK00001
VIRGINIA S.FOSTER
L
C
EX: 12/31/99
CONTRACTOR
U. S. Department of EnergyAlbuquerque Operations Office
CK00000
VIRGINIA S.FOSTER
Q
C
LSSO Badges
• SNL is currently issuing Local Site-Specific Only (LSSO) badges to all new Members of the Workforce and those whose badges have been lost, stolen, or forgotten.
Sandia National LaboratoriesAlbuquerque, New Mexico
CK00007
VIRGINIA S.FOSTER
EX: 12/30/07
Contractor
L
Sandia National LaboratoriesAlbuquerque, New Mexico
CK00006
VIRGINIA S.FOSTER
Q
LSSO Badges
• An LSSO badge can only be used at the site where it was issued.
• Individuals who travel to other DOE facilities must go through the classified visits process to obtain access to the other facility.
Continued
Badge Responsibilities
• Badges MUST be returned when individuals:– Terminate.– No longer require a clearance.– Leave on extended absences of 90
consecutive calendar days or more.– No longer require site access.
Badge Responsibilities
REMINDER:– Badges should NOT be used for personal
identification outside of Sandia premises.– Exceptions:
• SNL Federal Credit Union located on Kirtland Air Force Base (KAFB)
• Gaining access onto to KAFB
Continued
Badge Responsibilities
• As of February 1, 2007, SNL contractors/consultants are held accountable for:– Multiple lost, forgotten, and stolen badges.– Unreturned security badges.
Continued
Badge Responsibilities
• All badges are accountable items and the property of the U.S. Government.– Contracting companies/consultants are responsible
and accountable for ensuring that their employees properly protect, handle, and return badges.
– In the case of forgotten badges, the badge holder should attempt to retrieve his/her security badge before attempting to obtain a replacement.
– An individual will not be able to obtain any further badging services until the badge is accounted for or reported as stolen.
Continued
Consequences for Lost, Stolen, and Forgotten Badges
Consequences associated with lost, stolen, forgotten, and unreturned badges are listed in ISS100.5.5, Use, Control, and Protect Badges.
Consequences for Lost, Stolen, and Forgotten Badges
First occurrence within 365 days.• A memo will be sent to the contractor’s Sandia
Badge Requestor (SBR) and the SBR’s immediate supervisor.
• Within 5 working days, the SBR must contact both the individual and his/her company and explain the importance of safeguarding access-authorization credentials.
• Evidence of this discussion must be documented.
Consequences for Lost, Stolen, and Forgotten Badges
Second occurrence within 365 days.• A memo will be sent to the SBR and his/her
immediate supervisor and the SBR’s Senior Manager.
• A replacement badge will not be issued for 3 working days.
• If such a delay would negatively affect the mission, the SBR’s Senior Manager may approve a deviation—to be communicated to the Badge Office Team Lead.
• The SBR must obtain written evidence that corrective actions have been taken with the affected badge holder.
• The Senior Manager must provide written comments to the Badge Office Team Lead.
• If the Badge Office Team Lead does not receive this documentation within 5 business days of the occurrence, the badge in question will be deactivated.
Consequences for Lost, Stolen, and Forgotten Badges
Continued
Consequences for Lost/Stolen/Forgotten Badges
Third occurrence within 365 days.• Notification to the SBR, his/her immediate
supervisor, and either the Senior Manager or Center Director via memo.
• A replacement badge will not be issued for 7 working days.
• If such a delay would negatively affect the mission, the SBR’s Senior Manager or designee may approve a deviation—to be communicated to the Badge Office Team Lead.
Consequences for Lost, Stolen, and Forgotten Badges
Consequences for Lost/Stolen/Forgotten Badges
• The SBR must obtain written evidence that the contracting company has taken corrective actions with the affected badge holder.
• The Center Director must provide written comments to the Badge Office Team Lead.
Consequences for Lost, Stolen, and Forgotten Badges
Continued
Badge Office Staff
Maretta King844-1762
Badge Retrieval OutgoingClassified Visits
Emma Johnson845-3357
Badge Office Staff
Sharon Lawson845-3359
Incoming ClassifiedVisits
Gracie Wells284-0962
Incoming ClassifiedVisits
Badge Office Staff
Front Counter
Amy LevanAnnette Chavez Rubyann SanchezDavid Evanetich Sharon Martinez
Front Counter Helpline284-3626
Contact Information
Any Questions Concerning:– Access Control/Badging– Responsibilities
Please Call:
Lisa Kaneshiro at (505) 844-3495
Or
The Badge Office Helpline (505) 284-3626
Cyber SecurityJulie Perich
FSO ToolcartMargret Tibbetts
Contractor Toolcart
Location: www.sandia.gov/fso
What is it?
Who has access to it?
Why do I want to go there?
Contractor Toolcart
• A very handy website for all of you
• Information is updated frequently– Don’t wait for us to tell you– Go check it every other week
• Look for updated forms, newsletters, briefings. Don’t use the old one, if we’ve posted the new one. We will reject it.
Information galore! All for you!
Closing RemarksFran Armijo