32 CFR § 2004.36 - Determining entity employee eligibility for access to classified information.

§ 2004.36 Determining entity employee eligibility for access to classified information.

(a) Making employee eligibility determinations.

(1) The responsible CSA:

(i) Determines whether entity employees meet the criteria established in the Security Executive Agent Directive (SEAD) 4, National Security Adjudicative Guidelines (December 10, 2016). Entity employees must have a legitimate requirement (i.e., need to know) for access to classified information in the performance of assigned duties and eligibility must be clearly consistent with the interest of the national security.

(ii) Notifies entities of its determinations of employee eligibility for access to classified information.

(iii) Terminates eligibility status when there is no longer a need for access to classified information by entity employees.

(2) The responsible CSA maintains:

(i) SF 312s, Classified Information Nondisclosure Agreements, or other approved nondisclosure agreements, executed by entity employees, as prescribed by ODNI in accordance with 32 CFR 2001.80 and E.O. 13526; and

(ii) Records of its entity employee eligibility determinations, suspensions, and revocations.

(3) CSAs ensure that entities limit the number of employees with access to classified information to the minimum number necessary to work on contracts or agreements requiring access to classified information.

(4) The CSA determines the need for event-driven reinvestigations for entity employees.

(5) CSAs use the Federal Investigative Standards (FIS) issued jointly by the Suitability and Security Executive Agents.

(6) The CSA provides guidance to entities on:

(i) Requesting employee eligibility determinations, to include guidance for submitting fingerprints; and

(ii) Granting employee access to classified information when the employee has had a break in access or a break in employment.

(7) If the CSA receives adverse information about an eligible entity employee, the CSA should consider and possibly investigate, as authorized, to determine whether the employee's eligibility to access classified information remains clearly consistent with the interests of national security. If the CSA determines that an entity employee's continued eligibility is not in the interest of national security, the CSA implements procedures leading to suspension and ultimate revocation of the employee's eligible status, and notifies the entity.

(b) Consultants. A consultant is an individual under contract or agreement to provide professional or technical assistance to an entity in a capacity requiring access to classified information. A consultant is considered an entity employee for security purposes. The CSA makes eligibility determinations for entity consultants in the same way it does for entity employees.

(c) Reciprocity. The responsible CSA determines if an entity employee was previously investigated or determined eligible by another CSA. CSAs reciprocally accept existing employee eligibility determinations in accordance with applicable and current national level personnel security policy, and must not duplicate employee eligibility investigations conducted by another CSA.

(d) Limited access authorization (LAA).

(1) CSAs may make LAA determinations for non-U.S. citizen entity employees in rare circumstances, when:

(i) A non-U.S. citizen employee possesses unique or unusual skill or expertise that the agency urgently needs to support a specific U.S. Government contract or agreement; and

(ii) A U.S. citizen with those skills is not available.

(2) A CSA may grant LAAs up to the secret classified level.

(3) CSAs may not use LAAs for access to:

(i) Top secret (TS) information;

(ii) RD or FRD information;

(iii) Information that a Government-designated disclosure authority has not determined releasable to the country of which the individual is a citizen;

(iv) COMSEC information;

(v) Intelligence information, to include SCI;

(vi) NATO information, except as follows: Foreign nationals of a NATO member nation may be authorized access to NATO information subject to the terms of the contract, if the responsible CSA obtains a NATO security clearance certificate from the individual's country of citizenship. NATO access is limited to performance on a specific NATO contract;

(vii) Information for which the U.S. Government has prohibited foreign disclosure in whole or in part; or

(viii) Information provided to the U.S. Government by another government that is classified or provided in confidence.

(4) The responsible CSA provides specific procedures to entities for requesting LAAs. The GCA must concur on an entity's LAA request before the CSA may grant it.