University Policies, George Mason University

General Policies

University Policy Number 1119

Subject: Classified Information and Personnel Security Clearances

Responsible Parties: Vice President of Research; Assistant Vice President of Special Projects; Individuals Involved in Classified Research; Individuals Exposed to Classified Materials as a Function of their Job

Procedures: Standard Practice Procedures for Security Services http://www.gmu.edu/departments/universityoperations/SPP%20-%20REV%20Feb%202008.pdf

Related University Policies: Not Applicable

I. SCOPE

This policy applies to every employee of George Mason University working in classified research or otherwise involved with classified materials.

II. POLICY STATEMENT

George Mason University has entered into a legal and binding agreement with the U.S. Government which makes us eligible to perform work on classified contracts for certain agencies of the government and for prime contractors doing business with the government. Work of this nature may involve information, material and knowledge which has a direct bearing on the defense of the nation.

The purpose of this policy is to assure compliance with all laws and regulations governing the use of classified materials. The rules, guidelines and instructions contained in the procedures section have been developed to assure that all members of the university adhere to the agreement by affording proper protection for all classified information entrusted to us.

No employee or official of this University will be granted access to classified information because of his/her position. Certain employees and officials will be officially cleared for access to classified information based on work they are expected to perform in conjunction with classified contracts or sub-contracts.

Employees and officials who have been granted security clearances are the only individuals who will be granted access to classified information.

No uncleared employee shall make any effort to gain knowledge of classified information and if such knowledge is made available he/she shall report such facts immediately to the University Security Officer.

No classified research may be conducted at any university facility, nor can discussions of a classified nature be held anywhere on university property without advance coordination with the Security Officer.

III. DEFINITIONS

Access, Accessibility - The ability and opportunity to obtain knowledge of classified information. An individual, in fact, may have access to classified information by being in a place where such information is kept, if the security measures which are in force do not prevent him from gaining knowledge of the classified information.

Alien - Any person who is not a citizen or national of the United States.

Authorized Persons - Those persons who have a need-to-know for the classified information involved and have been cleared for the receipt of such information. Responsibility for determining whether a person's duties require that he possess, or have access to, any classified information and whether he is authorized to receive it, rests upon the individual who has possession, knowledge or control of the information involved, and not upon the prospective recipient.

Classified Contract - Any contract that requires or will require access to classified information by the contractor or his employees in performance of the contract. (A contract may be a classified contract even though the contract document is not classified.)

Classified Information - Official information, including foreign classified information, which requires protection in the interest of national defense and which has been so designated by appropriate authority.

Confidential - Designation which will be applied to information or material, the unauthorized disclosure of which could reasonably be expected to cause damage to the national security.

Contractor - Any individual, company, corporation or educational activity that has entered into a security agreement with the government or who has a contract to perform work, services or produce a product for the government or a prime contractor doing business with the government.

Information - Knowledge which can be communicated either orally, visually, or by any other means.

Material - Any document, product or substance on or in which information may be recorded or embodied. Material will include everything, regardless of its physical character or makeup. Machinery, documents, apparatus, devices, models, photographs, recordings, reproductions, notes, sketches, maps and letters, as well as all other products, substances or material, will fall within the general form of material.

National Industrial Security Program Operating Manual (NISPOM) – This manual implements the National Industrial Security Program by prescribing the requirements, restrictions and other safeguards to prevent unauthorized disclosure of classified information.

Need-to-know - A determination made by the possessor of classified information that a prospective recipient, in the interest of national defense, has a requirement for access to (See Access, Accessibility definition), knowledge of or possession of the classified information in order to perform tasks or services essential to fulfillment of a classified contract or program approved by a user agency.

Secret Information - Defense information and material, the unauthorized disclosure of which could result in serious damage to the national security.

Security - Refers to the safeguarding of information classified Top Secret, Secret or Confidential against unlawful or unauthorized dissemination, duplication or observation.

Standard Practice Procedure (SPP) - Procedural instructions prepared by each cleared facility which spells out in detail specific in house procedures for the protection and control of classified material. (Same as the “Standard Operating Procedures” as used in this policy.)

Unauthorized Person - Any person not cleared and not authorized to have access to specific classified information in accordance with the provisions of the NISPOM.

User Agency - The Office of the Secretary of Defense (including all boards, councils, staffs and commands), Department of Defense agencies and Department of the Army, Navy and Air Force (including all of their activities); National Aeronautics and Space Administration; General Services Administration; departments of State and Commerce; the Small Business Administration; the National Science Foundation; Departments of Treasury, Transportation, Interior, Agriculture and Health, Education and Welfare, Labor; and the Environmental Protection Agency.

IV. RESPONSIBILITIES

Policy Administrator: The Assistant Vice President of Special Projects, as the Security Officer, is responsible for administering this policy. Specific details of the role of the Security Officer are provided below.

Managers: Management at every level is responsible for supporting and enforcing all aspects of this security program. All management decisions relating to security shall be coordinated through the appointed Security Officer. No uncleared official of this University shall have the authority to over-ride the appointed Security Officer on matters relating to the Security Program.

Security Officer: The appointed Security Officer shall be responsible for all aspects and phases of the Industrial Security Program at George Mason University. The Security Officer will:

1. Have unrestricted access to all company officials on matters relating to the security program.

2. Become thoroughly familiar with the National Industrial Security Program Operating Manual (NISPOM)and maintain close liaison with the Cognizant Security Office and specifically the Industrial Security Representative(s) who visit the University.

3. Issue necessary updates and changes to these instructions to assure that they remain current at all times.

4. Establish necessary procedures to assure that all reports required by Section 3, Chapter 1 of the NISPOM are submitted on a timely and accurate basis.

5. Make periodic in house inspections and surveys to assure that our security program is effective and that employees' security education is at an acceptable level.

6. Be responsible for the Security Clearance Program to include timely submission of clearance applications, appropriate security briefings and debriefings as well as proper maintenance of all security files and records.

7. As appropriate, establish necessary procedures and techniques to assure that all classified material is properly recorded, stored, protected and accounted for.

8. Conduct a self-inspection program for the purpose of evaluating all security procedures applicable to the facility's operations. Schedule a formal self- inspection so as to occur at a reasonable interval, i.e., midway between regularly scheduled government inspections conducted by the cognizant security office. Self-inspections shall consist of an audit of all of the facility's operations in light of its SPP and the requirements of the NISPOM for Safeguarding classified information. As a minimum, self-inspection will include all elements normally inspected by the cognizant security office. Deficiencies identified as a result of self- inspections shall be corrected as expeditiously as possible. The University shall maintain a record of the dates upon which the self-inspection has been accomplished, and this record must be available for review during the next regularly scheduled inspection by the cognizant security office.

9. Submit in writing to the nearest field office of the FBI a report regarding any information as described in Section 1 – 301, Chapter 1 of the NISPOM.

Cleared Employees: When work to be performed in conjunction with classified contracts or sub-contracts necessitates that an employee or official be officially cleared for access to classified information, the employee should initiate the clearance process by contacting the Security Officer. In addition, each cleared employee will:

1. Be responsible for insuring the integrity of the Security Program at George Mason University.

2. Become thoroughly familiar with, and abide by the contents of this policy and the Standard Operating Procedures.

3. Seek guidance and assistance from the Security Officer when in doubt, on all matters relating to security and the protection of classified information.

4. Notify the Security Officer when a member of his/her immediate family, e.g, father, mother, sister or brother marries a foreign national.

5. Immediately notify the Security Officer of all questionable or suspicious contacts with foreign nationals. A questionable or suspicious contact in this regard is any personal exchange, encounter or relationship, which is determined to consist of an actual, probable or possible hostile intelligence collection effort.

6. Notify the Security Officer at least 30 days in advance of any planned trip to foreign country or attendance at an international scientific, technical, engineering or other professional meeting regardless of geographic location when it can be anticipated that foreigners are represented.

7. Notify the Security Officer upon making a decision to take an extended leave of absence or to leave the employment of the University.

V. EFFECTIVE DATE AND APPROVAL

This policy is effective upon date of signature below. This policy shall be reviewed and revised, if necessary, annually to become effective at the beginning of the University’s fiscal year, unless otherwise noted.

Approved:

_______________________
Maurice W. Scherrens
Senior Vice President

________________________
Peter N. Stearns
Provost

Date approved: February 9, 2007