SNL makes a determination to sponsor an entity (subcontract company, supplier or academic institution) for a Facility Clearance (FCL) based on a subcontract and legitimate need for access to or creation of classified information. The SNL Contract Security Management Program processes entities under SNL subcontract for FCLs, registers SNL subcontracts using the Contract Security Classification Specification (CSCS), and flows down DOE and SNL security requirements to subcontractor entities. Once an FCL is granted by DOE and the CSCS has been approved for an entity, its employees may then be sponsored for DOE personnel security clearances to perform work under a registered subcontract.
A Facility Security Officer (FSO) is a U.S. citizen with a security clearance equivalent to the facility clearance who is assigned the responsibility of administering the requirements of the safeguards and security program at their facility. An FSO must be an employee of the entity, not a contractor.
FSO Foreign Ownership Control and Influence (FOCI) Responsibilities & Facility Clearance Reporting Requirements
Subcontractor companies are required to report certain events that have an impact on the status of their facility clearance. The reporting requirements stated in this document pertain specifically to the facility clearance.
Review responsibilities and adhere to reporting requirements.
Sandia National Laboratories is responsible for complying with and flowing down DOE Contractor Requirements Documents incorporated into its contracts with subcontractors at any tier to the extent necessary to ensure compliance with DOE Directives.The NPSRP outlines the security requirements and procedures non-possessing subcontractor companies and its personnel must follow or abide by for all U.S. Government support service subcontracts to obtain DOE personnel security clearances sponsored by Sandia National Laboratories. Subcontractor companies are required to flow down the requirements in the NPSRP to all tier non-possessing subcontractor companies performing work under subcontract to SNL.
Company Key Management Personnel (KMP) and the Facility Security Officer (FSO) are obligated to read and adhere to the requirements and procedures within this plan.When requested by Contract Security Management, KMP and the FSO will submit a completed NPSRP Certification, accepting the responsibility for ensuring company compliance with the requirements relayed in the plan.
This DOE self-study training course provides an overview of the roles and responsibilities of the DOE and DOE-subcontractor FSO. The course emphasizes facility clearance requirements, personnel security, information security, incident reporting, and other related programs. The course references 32 CFR 117, National Industrial Security Program Operating Manual (NISPOM) and a comprehensive listing of DOE orders, manuals, guides, forms, and notices. Successful completion of the course, by means of six sets of Knowledge Checks, and end-of-lesson written test questions, requires a minimum score of 80% on each set. Course Outcome: Upon successful completion of this course, participants will have a basic understanding of FSO roles and responsibilities.
Required for: DOE and SNL subcontractor personnel assigned to FSO positions or functions. Submit completions via email email@example.com
Periodic Security reviews are a requirement for all non-possessing subcontractors. This process verifies that non-possessing subcontracting companies to Sandia National Laboratories are completing self-assessments.
Required for: DOE and SNL Conduct a self-assessment for your company and provide to firstname.lastname@example.org upon receipt of an Engagement Letter. If you do not have a pre-established self-assessment process or document, the Periodic Security Review Self-Assessment Checklist is available for your use.
- DOE O 475.1, dated 12/10/04, Counterintelligence Program
- NA SD 205.1, dated 7/06/17, Baseline Cybersecurity Program. Cancels DOE NAP 14.1-D, dated 12/18/12.
- NIST Special Publication 800-53, Revision 4-5 , Security and Privacy Controls for Information Systems and Organizations
- CNSSI NO 1253, dated 3/27/14, Security Categorization and Control Selection for National Security Systems
- DOE O 205.1C, dated 5/15/19, Department of Energy Cyber Security Program. Cancels DOE O 205.1B, Chg 3, dated 4/29/14
- DOE O 550.1, Chg 1, dated 12/13/19, Official Travel
Foreign Visits and Assignments
- DOE O 142.3A, Chg 2, dated 12/13/19, Unclassified Foreign Visits and Assignments Program. Cancels DOE O 142.3A, Chg 1, dated 1/18/17
Healthcare and Support Services
- DOE O 232.2A, Chg 1, dated 10/04/19, Occurrence Reporting and Processing of Operations Information. Cancels DOE O 232.2A, dated 01/17/17
- DOE O 471.3, Admin Chg 1, dated 1/13/11, Identifying and Protecting Official Use Information
- DOE M 471.3-1, Admin Chg 1, dated 1/13/11, Manual for Identifying and Protecting Official Use Only Information
- DOE O 471.6, Admin Chg 3, dated 9/12/19, Information Security. This order cancels DOE O 471.6, Admin Chg 2, dated 5/15/15, Information Security
- DOE O 475.2B, dated 10/3/14, Identifying Classified Information. This order cancels DOE O 475.2A, dated 2/1/11, Identifying Classified Information
- NNSA SD 471.6, dated 12/9/19, Operations Security Program
- DOE O 472.2, Chg.1, dated 7/9/14, Personnel Security. This order cancels DOE O 472.2, Admin Chg 1, dated 10/8/13, Personnel Security
- NNSA SD 206.2, dated 4/14/18, Implementation of Personal Identity Verification for Uncleared Contractors
- DOE O 473.1A, dated 08/30/21, Physical Protection Program. This order cancels DOE O 473.3A Chg 1, dated 01/02/18
- DOE O 470.3C , Chg 1,dated 09/09/2020, Design Basis Threat. This policy is not available on the Directives Portal. Contact email@example.com if you require access to this order
- Unclassified Graded Security Protection Policy (U), dated 3/25/09. This policy is not available on the Directives Portal. Contact firstname.lastname@example.org if you require access to this policy
- DOE O 470.6, Chg 1, dated 1/11/17, Technical Security Program
- ACD 470.6, dated 7/15/19, Use of Mobile Devices Within National Nuclear Security Administration Secure Spaces
Program Planning and Management
- DOE O 470.4B, Admin Chg 3, dated 09/23/21, Safeguards and Security Program. This order cancels DOE O 470.4B, Admin Chg 2, dated 01/17/17.