32 CFR § 117.3 - Acronyms and Definitions.

§ 117.3 Acronyms and Definitions.

(a) Acronyms. Unless otherwise noted, these acronyms and their terms are for the purposes of this rule.

ACCM alternative compensatory control measures
AEA Atomic Energy Act of 1954, as amended
AUS Australia
CAGE commercial and government entity
CCIPP classified critical infrastructure protection program
CDC cleared defense contractor
CFIUS Committee on Foreign Investment in the United States
CFR Code of Federal Regulations
CI Counterintelligence
CIA Central Intelligence Agency
CNSS Committee on National Security Systems
CNWDI critical nuclear weapons design information
COMSEC communications security
COR central office of record
CSA cognizant security agency
CSO cognizant security office
CUSR Central United States Registry
DCSA Defense Counterintelligence and Security Agency
DD Department of Defense (forms only)
DDTC Directorate of Defense Trade Controls
DGR designated government representative
DHS Department of Homeland Security
DNI Director of National Intelligence
DoD Department of Defense
DoDD Department of Defense Directive
DoDI Department of Defense Instruction
DoDM Department of Defense Manual
DOE Department of Energy
ECP electronic communications plan
E.O. Executive order
FBI Federal Bureau of Investigation
FCL facility (security) clearance
FGI foreign government information
FOCI foreign ownership, control, or influence
FRD Formerly Restricted Data
FSCC Facility Security Clearance Certificate (NATO)
FSO facility security officer
GCA government contracting activity
GCMS government contractor monitoring station
GSA General Services Administration
GSC government security committee
IDE intrusion detection equipment
IDS intrusion detection system
IFB invitation for bid
ISOO Information Security Oversight Office
ISSM information system security manager
ISSO information systems security officer
ITAR International Traffic in Arms Regulations
ITPSO insider threat program senior official
KMP key management personnel
LAA limited access authorization
MFO multiple facility organization
NATO North Atlantic Treaty Organization
NDA nondisclosure agreement
NIAG NATO Industrial Advisory Group
NID national interest determination
NISP National Industrial Security Program
NISPOM National Industrial Security Program Operating Manual
NIST National Institute for Standards and Technology
NNPI Naval Nuclear Propulsion Information
NNSA National Nuclear Security Administration
NPLO NATO Production Logistics Organization
NRC Nuclear Regulatory Commission
NRTL nationally recognized testing laboratory
NSA National Security Agency
NSI national security information
NTIB National Technology and Industrial Base
OCA original classification authority
OMB Office of Management and Budget
PA proxy agreement
PCL personnel (security) clearance
RD Restricted Data
RFP request for proposal
RFQ request for quotation
SAP special access program
SCA security control agreement
SCI sensitive compartmented information
SD Secretary of Defense (forms only)
SEAD Security Executive Agent directive
SF standard form
SMO senior management official
SSA special security agreement
SSP systems security plan
TCP technology control plan
TFNI Transclassified Foreign Nuclear Information
TP transportation plan
UK United Kingdom
UL Underwriters' Laboratories
U.S.C. United States Code
USD (I&S) Under Secretary of Defense for Intelligence and Security
USG United States Government
USML United States Munitions List
VAL visit authorization letter
VT voting trust

(b) Definitions. Unless otherwise noted, these terms and their definitions are for the purposes of this rule.

Access means the ability and opportunity to gain knowledge of classified information.

Access Permittee means the holder of an Access Permit issued pursuant to the regulations set forth in 10 CFR part 725, “Permits For Access to Restricted Data.”

ACCM are security measures used by USG agencies to safeguard classified intelligence or operations when normal measures are insufficient to achieve strict need-to-know controls and where SAP controls are not required.

Adverse information means any information that adversely reflects on the integrity or character of a cleared employee, that suggests that his or her ability to safeguard classified information may be impaired, that his or her access to classified information clearly may not be in the interest of national security, or that the individual constitutes an insider threat.

Affiliate means each entity that directly or indirectly controls, is directly or indirectly controlled by, or is under common control with, the ultimate parent entity.

Agency(ies) means any “Executive agency” as defined in 5 U.S.C. 105; any “Military department” as defined in 5 U.S.C. 102; and any other entity within the executive branch that releases classified information to private sector entities. This includes component agencies under another agency or under a cross-agency oversight office (such as ODNI with CIA), which are also agencies for purposes of this rule.

Alarm service company means an entity or branch office from which all of the installation, service, and maintenance of alarm systems are provided, and the monitoring and investigation of such systems are either provided by its own personnel or with personnel assigned by this location.

Alarm system description form means a form describing an alarm system and monitoring information.

Approved security container means a GSA approved security container originally procured through the Federal Supply system. The security containers bear the GSA Approval label on the front face of the container, which identifies them as meeting the testing requirements of the assigned federal specification and having been maintained according to Federal Standard 809.

Approved vault means a vault built to Federal Standard 832 and approved by the CSA.

AUS community consists of the Government of Australia entities and Australian non-governmental facilities identified on the DDTC website (https://pmddtc.state.gov/) at the time of export or transfer.

Authorized person means a person who has a favorable determination of eligibility for access to classified information, has signed an approved nondisclosure agreement, and has a need-to-know.

Branch office means an office of an entity which is located somewhere other than the entity's main office location. A branch office is simply another location of the same legal business entity, and is still involved in the business activities of the entity.

CCIPP means security sharing of classified information under a designated critical infrastructure protection program with such authorized individuals and organizations as determined by the Secretary of Homeland Security.

CDC means a subset of contractors cleared under the NISP who have classified contracts with the DoD.

Certification means comprehensive evaluation of an information system component that establishes the extent to which a particular design and implementation meets a set of specified security requirements.

Classification guide means a document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and prescribes the level and duration of classification and appropriate declassification instructions.

Classified contract means any contract, license, agreement, or grant requiring access to classified information by a contractor and its employees for performance. A contract is referred to in this rule as a “classified contract” even when the contract document and the contract provisions are not classified. The requirements prescribed for a “classified contract” also are applicable to all phases of precontract, license or grant activity, including solicitations (bids, quotations, and proposals), precontract negotiations, post-contract activity, or other government contracting activity (GCA) programs or projects which require access to classified information by a contractor.

Classified covered information system means an information system that is owned or operated by or for a cleared defense contractor and that processes, stores, or transmits information created by or for the DoD with respect to which such contractor is required to apply enhanced protection (e.g., classified information). A classified covered information system is a type of covered network consistent with the requirements of Section 941 of Public Law 112-239 and 10 U.S.C. 391.

Classified information means information that has been determined, pursuant to E.O. 13526, or any predecessor or successor order, and the AEA of 1954, as amended, to require protection against unauthorized disclosure in the interest of national security and which has been so designated. The term includes NSI, RD, and FRD.

Classified meetings means a conference, seminar, symposium, exhibit, convention, training course, or other such gathering during which classified information is disclosed.

Classified visit means a visit during which a visitor will require, or is expected to require, access to classified information.

Classifier means any person who makes a classification determination and applies a classification category to information or material. The determination may be an original classification action or it may be a derivative classification action. Contractors make derivative classification determinations based on classified source material, a security classification guide, or a contract security classification specification, or equivalent.

Cleared commercial carrier means a carrier that is authorized by law, regulatory body, or regulation to transport SECRET and CONFIDENTIAL material and has been granted a SECRET facility clearance in accordance with the NISP.

Cleared employees means all employees of industrial or commercial contractors, licensees, certificate holders, or grantees of an agency, as well as all employees of sub contractors and personal services contractor personnel, and who are granted favorable eligibility determinations for access to classified information by a CSA or are being processed for eligibility determinations for access to classified information by a CSA. A contractor may give an employee access to classified information in accordance with the provisions of § 117.10(a)(1)(iii).

Closed area means an area that meets the requirements of this rule for safeguarding classified material that, because of its size, nature, or operational necessity, cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers.

CNWDI means a DoD category of TOP SECRET RD or SECRET RD information that reveals the theory of operation or design of the components of a thermonuclear or fission bomb, warhead, demolition munition, or test device. Specifically excluded is information concerning arming, fusing, and firing systems; limited life components; and total contained quantities of fissionable, fusionable, and high explosive materials by type. Among these excluded items are the components that DoD personnel set, maintain, operate, test or replace.

Compromise means an unauthorized disclosure of classified information.

COMSEC means the protective measures taken to deny unauthorized persons information derived from USG telecommunications relating to national security and to ensure the authenticity of such communications.

CONFIDENTIAL means the classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority (OCA) is able to identify or describe.

Consignee means a person, firm, or Government (i.e., USG or foreign government) activity named as the receiver of a shipment; one to whom a shipment is consigned.

Consignor means a person, firm, or Government (i.e., USG or foreign government) activity by which articles are shipped. The consignor is usually the shipper.

Constant surveillance service means a transportation protective service provided by a commercial carrier qualified by the Surface Deployment and Distribution Command to transport CONFIDENTIAL shipments. The service requires constant surveillance of the shipment at all times by a qualified carrier representative; however, an FCL is not required for the carrier. The carrier providing the service must maintain a signature and tally record for the shipment.

Consultant means an individual under contract, and compensated directly, to provide professional or technical assistance to a contractor in a capacity requiring access to classified information.

Continuous evaluation as defined in SEAD 6 is a personnel security investigative process to review the background of a covered individual who has been determined to be eligible for access to classified information or to hold a sensitive position at any time during the period of eligibility. Continuous evaluation leverages a set of automated records checks and business rules, to assist in the ongoing assessment of an individual's continued eligibility. It supplements, but does not replace, the established personnel security program for scheduled periodic reinvestigations of individuals for continuing eligibility.

Continuous monitoring program means a system that facilitates ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions.

Contracting officer means a USG official who, in accordance with departmental or agency procedures, has the authority to enter into and administer contracts, licenses or grants and make determinations and findings with respect thereto, or any part of such authority. The term also includes the designated representative of the contracting officer acting within the limits of his or her authority.

Contractor means any industrial, educational, commercial, or other entity that has been granted an entity eligibility determination by a CSA. This term also includes licensees, grantees, or certificate holders of the USG with an entity eligibility determination granted by a CSA. As used in this rule, “contractor” does not refer to contractor employees or other personnel.

Cooperative agreement means a legal instrument which, consistent with 31 U.S.C. 6305, is used to enter into the same kind of relationship as a grant (see definition of “grant” in this subpart), except that substantial involvement is expected between USG and the recipient when carrying out the activity contemplated by the cooperative agreement. The term does not include “cooperative research and development agreements” as defined in 15 U.S.C. 3710a.

Cooperative research and development agreement means any agreement between one or more Federal laboratories and one or more non-Federal parties under which the Government, through its laboratories, provides personnel, services, facilities, equipment, intellectual property, or other resources with or without reimbursement (but not funds to non-Federal parties) and the non-Federal parties provide funds, personnel, services, facilities, equipment, intellectual property, or other resources toward the conduct of specified research or development efforts which are consistent with the missions of the laboratory; except that such term does not include a procurement contract or cooperative agreement as those terms are used in sections 6303, 6304, and 6305 of title 31.

Corporate family means an entity, its parents, subsidiaries, divisions, and branch offices.

Counterintelligence means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons, or international terrorist activities, but not including personnel, physical, document or communications security programs.

Courier means a cleared employee, designated by the contractor, whose principal duty is to transmit classified material to its destination, ensuring that the classified material remains under their constant and continuous protection and that they make direct point-to-point delivery.

CRYPTO means the marking or designator that identifies unencrypted COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive USG or USG-derived information. This includes non-split keying material used to encrypt or decrypt COMSEC critical software and software based algorithms.

CSA means an agency designated as having NISP implementation and security responsibilities for its own agencies (including component agencies) and any entities and non-CSA agencies under its cognizance. The CSAs are: DoD; DOE; NRC; ODNI; and DHS.

CSO means an organizational unit to which the head of a CSA delegates authority to administer industrial security services on behalf of the CSA.

CUI means information the USG creates or possesses, or that an entity creates or possesses for or on behalf of the USG, that a law, regulation, or USG-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. However, CUI does not include classified information or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency.

Custodian means an individual who has possession of, or is otherwise charged with, the responsibility for safeguarding classified information.

Cybersecurity means prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.

Cyber incident means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system or the information residing therein.

Declassification means a date or event which coincides with the lapse of the information's national security sensitivity, as determined by the OCA. Declassification occurs when the OCA has determined that the classified information no longer requires, in the interest of national security, any degree of protection against unauthorized disclosure, and the information has had its classification designation removed or cancelled.

Defense articles means those articles, services, and related technical data, including software, in tangible or intangible form, which are listed on the United States Munitions List (USML) of the International Traffic in Arms Regulations (ITAR), as modified or amended. Defense articles exempt from the scope of ITAR section 126.17 are identified in Supplement No. 1 to Part 126 of the ITAR.

Defense services means:

(1) Furnishing assistance (including training) to foreign persons, whether in the United States or abroad, in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing or use of defense articles;

(2) Furnishing to foreign persons any controlled technical data, whether in the United States or abroad; or

(3) Providing military training of foreign units and forces, regular and irregular, including formal or informal instruction of foreign persons in the United States or abroad or by correspondence courses, technical, educational, or information publications and media of all kinds, training aid, orientation, training exercise, and military advice.

Derivative classification means the incorporating, paraphrasing, restating, or generating in new form information that is already classified, and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes classifying information based on classification guidance. Duplicating or reproducing existing classified information is not derivative classification.

Document means any recorded information, regardless of the nature of the medium, or the method or circumstances of recording.

Downgrade means a determination by a declassification authority that information classified and safeguarded at a specified level will be classified and safeguarded at a lower level.

Embedded system means an information system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem, such as, ground support equipment, flight simulators, engine test stands, or fire control systems.

Empowered official is defined in 22 CFR part 120.

Entity is a generic and comprehensive term which may include sole proprietorships, partnerships, corporations, limited liability companies, societies, associations, institutions, contractors, licensees, grantees, certificate holders, and other organizations usually established and operating to carry out a commercial, industrial, educational, or other legitimate business, enterprise, or undertaking, or parts of these organizations. It may reference an entire organization, a prime contractor, parent organization, a branch or division, another type of sub-element, a sub-contractor, subsidiary, or other subordinate or connected entity (referred to as “sub-entities” when necessary to distinguish such entities from prime or parent entities). It may also reference a specific location or facility, or the headquarters or official business location of the organization, depending upon the organization's business structure, the access needs involved, and the responsible CSA's procedures. The term “entity” as used in this rule refers to the particular entity to which an agency might release, or is releasing, classified information, whether that entity is a parent or subordinate organization. The term “entity” in this rule includes contractors.

Entity eligibility determination means an assessment by the CSA as to whether an entity is eligible for access to classified information of a certain level (and all lower levels). Entity eligibility determinations may be broad or limited to specific contracts, sponsoring agencies, or circumstances. A favorable entity eligibility determination results in eligibility to access classified information under the cognizance of the responsible CSA to the level approved. When the entity would be accessing categories of information such as RD or SCI for which the CSA for that information has set additional requirements, CSAs must also assess whether the entity is eligible for access to that category of information. Some CSAs refer to their favorable entity eligibility determinations as FCLs. However, a favorable entity eligibility determination for the DHS CCIPP is not equivalent to an FCL and does not meet the requirements for FCL reciprocity. A favorable entity eligibility determination does not convey authority to store classified information.

Escort means a cleared person, designated by the contractor, who accompanies a shipment of classified material to its destination. The classified material does not remain in the personal possession of the escort but the conveyance in which the material is transported remains under the constant observation and control of the escort.

Extent of protection means the designation (such as “Complete”) used to describe the degree of alarm protection installed in an alarmed area.

Facility means a plant, laboratory, office, college, university, or commercial structure with associated warehouses, storage areas, utilities, and components, that, when related by function and location, form an operating entity.

FCL means an administrative determination that, from a security viewpoint, an entity is eligible for access to classified information of a certain level (and all lower levels) (e.g., a type of favorable entity eligibility determination used by some CSAs). An entity eligibility determination for the DHS CCIPP is not the equivalent of an FCL and does not meet the requirements for FCL reciprocity.

FGI means information that is:

(1) Provided to the United States by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or

(2) Produced by the United States pursuant to, or as a result of, a joint arrangement with a foreign government or governments, an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both are to be held in confidence.

Foreign interest means any foreign government, agency of a foreign government, or representative of a foreign government; any form of business enterprise or legal entity organized, chartered or incorporated under the laws of any country other than the United States or its territories, and any person who is not a citizen or national of the United States.

Foreign national means any person who is not a citizen or national of the United States.

Foreign person is defined in 31 CFR 800.224 for CFIUS purposes.

FRD means classified information removed from the Restricted Data category upon a joint determination by the DOE and DoD that such information relates primarily to the military utilization of atomic weapons and that such information can be adequately safeguarded as classified defense information.

Freight forwarder (transportation agent) means any agent or facility designated to receive, process, and transship U.S. material to foreign recipients. In the context of this rule, it means an agent or facility cleared specifically to perform these functions for the transfer of U.S. classified material to foreign recipients.

GCA means an element of an agency that the agency head has designated and delegated broad authority regarding acquisition functions. A foreign government may also be a GCA.

Governing board means an entity's board of directors, board of managers, board of trustees, or equivalent governing body.

Grant means a legal instrument which, consistent with 31 U.S.C. 6304, is used to enter into a relationship: (a) Of which the principal purpose is to transfer a thing of value to the recipient to carry out a public purpose of support or stimulation authorized by a law of the United States, rather than to acquire property or services for the USG's direct benefit or use; or, (b) In which substantial involvement is not expected between DoD and the recipient when carrying out the activity contemplated by the award. Throughout this rule, the term grant will include both the grant and cooperative agreement.

Grantee means the entity that receives a grant or cooperative agreement.

Hand carrier means a cleared employee, designated by the contractor, who occasionally hand carries classified material to its destination in connection with a classified visit or meeting. The classified material remains in the personal possession of the hand carrier except for authorized overnight storage.

Home office means the headquarters of a multiple facility entity.

Industrial security means that portion of information security concerned with the protection of classified information in the custody of U.S. industry.

Information means any knowledge that can be communicated or documentary material, regardless of its physical form or characteristics.

Information security means the system of policies, procedures, and requirements established pursuant to executive order, statute, or regulation to protect information that, if subjected to unauthorized disclosure, could reasonably be expected to cause damage to national security. The term also applies to policies, procedures, and requirements established to protect unclassified information that may be withheld from release to the public.

Information system means an assembly of computer hardware, software, and firmware configured for the purpose of automating the functions of calculating, computing, sequencing, storing, retrieving, displaying, communicating, or otherwise manipulating data, information and textual material.

Insider means cleared contractor personnel with authorized access to any USG or contractor resource, including personnel, facilities, information, equipment, networks, and systems.

Insider threat means the likelihood, risk, or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the national security of the United States. Insider threats may include harm to contractor or program information, to the extent that the information impacts the contractor or agency's obligations to protect classified NSI.

Joint venture means an association of two or more persons or entities engaged in a single defined project with all parties contributing assets and efforts, and sharing in the management, profits and losses, in accordance with the terms of an agreement among the parties.

KMP means an entity's senior management official (SMO), facility security officer (FSO), insider threat program senior official (ITPSO), and all other entity officials who either hold majority interest or stock in, or have direct or indirect authority to influence or decide issues affecting the management or operations of, the entity or classified contract performance.

L access authorization means an access determination that is granted by DOE or NRC based on a Tier 3 or successor background investigation as set forth in applicable national-level requirements and DOE directives. Within DOE and NRC, an “L” access authorization permits an individual who has an official “need to know” to access Confidential Restricted Data, Secret and Confidential Formerly Restricted Data, Secret and Confidential Transclassified Foreign Nuclear Information, or Secret and Confidential National Security Information, required in the performance of official duties. An “L” access authorization determination is required for individuals with a need to know outside of DOE, NRC, DoD, and in limited cases NASA, to access Confidential Restricted Data.

LAA means security access authorization to CONFIDENTIAL or SECRET information granted to non-U.S. citizens requiring only limited access in the course of their regular duties.

Material means any product or substance on or in which information is embodied.

Matter means anything in physical form that contains or reveals classified information.

Media means physical devices or writing surfaces including but not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.

MFO means a legal entity (single proprietorship, partnership, association, trust, or corporation) composed of two or more entities (facilities).

National of the United States means a person who owes permanent allegiance to the United States. All U.S. citizens are U.S. nationals; however, not all U.S. nationals are U.S. citizens (for example, persons born in American Samoa or Swains Island).

NATO information means information bearing NATO markings, indicating the information is the property of NATO, access to which is limited to representatives of NATO and its member nations unless NATO authority has been obtained to release outside of NATO.

NATO visits means visits by personnel representing a NATO entity and relating to NATO contracts and programs.

Need-to-know means a determination made by an authorized holder of classified information that a prospective recipient has a requirement for access to, knowledge of, or possession of the classified information to perform tasks or services essential to the fulfillment of a classified contract or program.

Network means a system of two or more information systems that can exchange data or information.

NNPI is classified or unclassified information concerning the design, arrangement, development, manufacture, testing, operation, administration, training, maintenance, and repair of the propulsion plants of naval nuclear-powered ships and prototypes, including the associated shipboard and shore-based nuclear support facilities.

Non-DoD executive branch agencies means the non-DoD agencies that have entered into agreements with DoD to receive NISP industrial security services from DoD. A list of these agencies is on the Defense Counterintelligence and Security Agency website at https://www.dcsa.mil.

Non-Federal information system is defined in 32 CFR part 2002.

NRTL means a private sector organizations recognized by the Occupational Safety and Health Administration to perform certification for certain products to ensure that they meet the requirements of both the construction and general industry Occupational Safety and Health Administration electrical standards. Each NRTL is recognized for a specific scope of test standards.

NSI means information that has been determined pursuant to E.O. 13526 or predecessor order to require protection against unauthorized disclosure and marked to indicate its classified status.

NTIB means the industrial bases of the United States and Australia, Canada, and the United Kingdom.

NTIB entity means a person that is a subsidiary located in the United States for which the ultimate parent entity and any intermediate parent entities of such subsidiary are located in a country that is part of the national technology and industrial base (as defined in section 2500 of title 10, United States Code); and that is subject to the foreign ownership, control, or influence requirements of the National Industrial Security Program.

Nuclear weapon data means Restricted Data or Formerly Restricted Data concerning the design, manufacture, or utilization (including theory, development, storage, characteristics, performance and effects) of nuclear explosives, nuclear weapons or nuclear weapon components, including information incorporated in or related to nuclear explosive devices. Nuclear weapon data is matter in any combination of documents or material, regardless of physical form or characteristics.

OCA means an individual authorized in writing, either by the President, the Vice President, or by agency heads or other officials designated by the President, to classify information in the first instance.

Original classification means an initial determination that information requires, in the interest of national security, protection against unauthorized disclosure. Only USG officials who have been designated in writing may apply an original classification to information.

Parent means an entity that owns at least a majority of another entity's voting securities.

PCL means an administrative determination that an individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the personnel clearance being granted.

Prime contract means a contract awarded by a GCA to a contractor for a legitimate USG purpose.

Prime contractor means the contractor who receives a prime contract from a GCA.

Privileged user means a user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.

Proscribed information means:

(1) TOP SECRET information;

(2) COMSEC information or material, excluding controlled cryptographic items when unkeyed or utilized with unclassified keys.

(3) RD;

(4) SAP information; or.

(5) SCI.

Protective security service means a transportation protective service provided by a cleared commercial carrier qualified by DoD's Surface Deployment and Distribution Command to transport SECRET shipments.

Q access authorization means an access determination that is granted by DOE or NRC based on a Tier 5 or successor background investigation as set forth in applicable national-level requirements and DOE directives. Within DOE and the NRC, a “Q” access authorization permits an individual with an official “need to know” to access Top Secret, Secret and Confidential Restricted Data, Formerly Restricted Data, Transclassified Foreign Nuclear Information, National Security Information, or special nuclear material in Category I or II quantities, as required in the performance of official duties. A “Q” access authorization is required for individuals with a need to know outside of DOE, NRC, DoD, and in a limited case NASA, to access Top Secret and Secret Restricted Data.

Remote terminal means a device communicating with an automated information system from a location that is not within the central computer facility.

Restricted area means a controlled access area established to safeguard classified material that, because of its size or nature, cannot be adequately protected during working hours by the usual safeguards, but is capable of being stored during non-working hours in an approved repository or secured by other methods approved by the CSA.

RD means all data concerning (1) design, manufacture, or utilization of atomic weapons; (2) the production of special nuclear material; or (3) the use of special nuclear material in the production of energy, but does not include data declassified or removed from the RD category pursuant to section 142 of the AEA.

SAP means any program that is established to control access and distribution and to provide protection for particularly sensitive classified information beyond that normally required for TOP SECRET, SECRET, or CONFIDENTIAL information. A SAP can be created or continued only as authorized by a senior agency official delegated such authority pursuant to E.O. 13526.

Schedule 13D means a form required by the Securities and Exchange Commission when a person or group of persons acquires beneficial ownership of more than 5% of a voting class of a company's equity securities registered under Section 12 of the “Securities Exchange Act of 1934” (available at: https://www.sec.gov/fast-answers/answerssched13htm.html).

SCI means a subset of classified national intelligence concerning or derived from intelligence sources, methods or analytical processes that is required to be protected within formal access control systems established by the DNI.

SECRET means the classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the OCA is able to identify or describe.

Security in depth means a determination made by the CSA that a contractor's security program consists of layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility. Examples include, but are not limited to, use of perimeter fences, employee and visitor access controls, use of an Intrusion Detection System (IDS), random guard patrols throughout the facility during nonworking hours, closed circuit video monitoring, or other safeguards that mitigate the vulnerability of open storage areas without alarms and security storage cabinets during nonworking hours.

Security violation means failure to comply with the policy and procedures established by this part that reasonably could result in the loss or compromise of classified information.

Shipper means one who releases custody of material to a carrier for transportation to a consignee. (See also “Consignor.”)

SMO is the contractor's official responsible for the entity policy and strategy. The SMO is an entity employee occupying a position in the entity with ultimate authority over the facility's operations and the authority to direct actions necessary for the safeguarding of classified information in the facility. This includes the authority to direct actions necessary to safeguard classified information when the access to classified information by the facility's employees is solely at other contractor facilities or USG locations.

Source document means an existing document that contains classified information that is incorporated, paraphrased, restated, or generated in new form into a new document.

Standard practice procedures means a document prepared by a contractor that implements the applicable requirements of this rule for the contractor's operations and involvement with classified information at the contractor's facility.

Subcontract means any contract entered into by a contractor to furnish supplies or services for performance of a prime contract or a subcontract. It includes a contract, subcontract, purchase order, lease agreement, service agreement, request for quotation (RFQ), request for proposal (RFP), invitation for bid (IFB), or other agreement or procurement action between contractors that requires or will require access to classified information to fulfill the performance requirements of a prime contract.

Subcontractor means a supplier, distributor, vendor, or firm that enters into a contract with a prime contractor to furnish supplies or services to or for the prime contractor or another subcontractor. For the purposes of this rule, each subcontractor will be considered as a prime contractor in relation to its subcontractors.

Subsidiary means an entity in which another entity owns at least a majority of its voting securities.

System software means computer programs that control, monitor, or facilitate use of the information system; for example, operating systems, programming languages, communication, input-output controls, sorts, security packages, and other utility-type programs. Also includes off-the-shelf application packages obtained from manufacturers and commercial vendors, such as for word processing, spreadsheets, data base management, graphics, and computer-aided design.

Technical data means:

(1) Information, other than software, which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation.

(2) Classified information relating to defense articles and defense services on the U.S. Munitions List and 600-series items controlled by the Commerce Control List.

(3) Information covered by an invention secrecy order.

(4) Software directly related to defense articles.

TFNI means classified information concerning the nuclear energy programs of other nations (including subnational entities) removed from the RD category under section 142(e) of the AEA after the DOE and the Director of National Intelligence jointly determine that it is necessary to carry out intelligence-related activities under the provisions of the National Security Act of 1947, as amended, and that it can be adequately safeguarded as NSI instead. This includes information removed from the RD category by past joint determinations between DOE and the CIA. TFNI does not include information transferred to the United States under an Agreement for Cooperation under the Atomic Energy Act or any other agreement or treaty in which the United States agrees to protect classified information.

TOP SECRET means the classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the OCA is able to identify or describe.

Transmission means sending information from one place to another by radio, microwave, laser, or other non-connective methods, as well as by cable, wire, or other connective medium. Transmission also includes movement involving the actual transfer of custody and responsibility for a document or other classified material from one authorized addressee to another.

Transshipping activity means a government activity to which a carrier transfers custody of freight for reshipment by another carrier to the consignee.

UK community consists of the UK Government entities with facilities and UK non-governmental facilities identified on the DDTC website (https://www.pmddtc.state.gov/) at the time of export.

Unauthorized person means a person not authorized to have access to specific classified information in accordance with the requirements of this rule.

United States means the 50 states and the District of Columbia.

United States and its territorial areas means the 50 states, the District of Columbia, Puerto Rico, Guam, American Samoa, the Virgin Islands, Wake Island, Johnston Atoll, Kingman Reef, Palmyra Atoll, Baker Island, Howland Island, Jarvis Island, Midway Islands, Navassa Island, and Northern Mariana Islands.

Upgrade means a determination that certain classified information, in the interest of national security, requires a higher degree of protection against unauthorized disclosure than currently provided, coupled with a change to the classification designation to reflect the higher degree.

U.S. classified cryptographic information means a cryptographic key and authenticators that are classified and are designated as TOP SECRET CRYPTO or SECRET CRYPTO. This means all cryptographic media that embody, describe, or implement classified cryptographic logic, to include, but not limited to, full maintenance manuals, cryptographic descriptions, drawings of cryptographic logic, specifications describing a cryptographic logic, and cryptographic software, firmware, or repositories of such software such as magnetic media or optical disks.

U.S. person means a United States citizen, an alien known by the intelligence agency concerned to be a permanent resident alien, an unincorporated association substantially composed of United States citizens or permanent resident aliens, or a corporation incorporated in the United States, except for a corporation directed and controlled by a foreign government or governments.

Voting securities means any securities that presently entitle the owner or holder thereof to vote for the election of directors of the issuer or, with respect to unincorporated entities, individuals exercising similar functions.

Working hours means the period of time when:

(1) There is present in the specific area where classified material is located, a work force on a regularly scheduled shift, as contrasted with employees working within an area on an overtime basis outside of the scheduled work shift; and

(2) The number of employees in the scheduled work force is sufficient in number and so positioned to be able to detect and challenge the presence of unauthorized personnel. This would, therefore, exclude janitors, maintenance personnel, and other individuals whose duties require movement throughout the facility.

Working papers means documents or materials, regardless of the media, which are expected to be revised prior to the preparation of a finished product for dissemination or retention.

The following state regulations pages link to this page.