U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

  1. Home
  2. Opog
  3. Directives

Was this page helpful?

DIRECTOR FOR SECURITY

E-mail a link to this directive

Number: 

DOO 20-6

                                                                                                                                                                                                                                           
                                                                                                                                                                                                                                        Effective Date: 

2024-08-15

 

SECTION 1.  PURPOSE.

.01          This Order prescribes the functions and responsibilities of the Office of Security (OSY). (The position of Director for Security is authorized in DOO 10-5, “Chief Financial Officer and Assistant Secretary for Administration.”)

.02          This revision: 

a.            Reflects the revised organization of OSY by renaming the Security and Emergency Management Division (SEMD) to the Continuity, Policy, and Operations Division (CPOD) and realigning the Herbert C. Hoover Building (HCHB) Security Office under Client Security Services.

b.             Clarifies OSY’s direct management of security and law enforcement at National Institute of Standards and Technology (NIST) and other operating units.

SECTION 2.  STATUS AND LINE OF AUTHORITY.

.01           The Office of Security, a Departmental office, is headed by a Director, who reports to and is responsible to the Deputy Assistant Secretary for Intelligence and Security, who in turn, reports and is responsible to the Chief Financial Officer and Assistant Secretary for Administration (the Assistant Secretary).

.02           The Director shall be assisted by a Deputy Director who shall participate with the Director in management of activities of OSY and who shall perform all functions and duties of the Director in his/her absence. In the absence of both the Director and Deputy Director, the Director for Client Security Services shall perform all functions and duties of the Director.

.03          The head of each primary operating unit of the Department is responsible for ensuring the security of the personnel, facilities, property, information, and assets of their respective organizations in accordance with applicable laws, regulations, Executive Orders (E.O.s), and directives.  The head of each primary operating unit is responsible for ensuring implementation of this Order for constituent operating units under their purview.  The Director shall serve as the head of Departmental offices and as the security officer for the Office of the Secretary, which for purposes of administering the Department’s security programs is subject to policy and procedural requirements of operating units.  The Director is responsible for advising and assisting heads of such operating units and Departmental offices.  However, the Director will provide security services, including law enforcement, based on a risk determination and/or when it is more operationally efficient, practical, or economical to consolidate them at the Department level.

.04           Departmental facility and senior office managers are responsible for ensuring the security of the personnel, facilities, property, information, and assets of their respective facilities in accordance with applicable laws, regulations, E.O.s, and directives.  Security officers providing client security services to primary operating units will assist facility managers in carrying out these responsibilities.

.05          The Director will head the Department’s Security Council composed of representatives from each operating unit. The representatives will communicate security requirements from their respective operating units, exchange security-related information, and coordinate security services. Designating an employee to assist in performing security activities will not relieve the primary operating unit head, senior facility manager, or servicing security officer of their responsibilities.

.06           The Director may redelegate the authority prescribed by this Order to designated personnel in OSY and to the primary operating units of the Department.

SECTION 3.  FUNCTIONS.

.01            Pursuant to the authority delegated to the Assistant Secretary in DOO 10-5, and subject to such policies and directives as the Assistant Secretary or Deputy Assistant Secretary for Intelligence and Security may prescribe or other delegations by the Secretary, the Director is hereby delegated the following authorities:

a.              Execute Department-wide staff management responsibility for establishing policies and procedures for: personnel security; industrial security; the safeguarding of classified national security information (NSI), and Sensitive Compartmented Information (SCI) and documents; Sensitive Compartmented Information Facilities (SCIF); protection of Department personnel, facilities, property, assets and activities; security risk assessments; continuity programs, emergency actions and preparedness; physical security; communications security; operations security; foreign access management; research security; security education, awareness, and training; and compliance with security policies and procedures.

b.              Provide services in the functional areas, outlined in subparagraph a. above, as required by the Office of the Secretary and all Department organizations and personnel.

c.              Coordinate, establish, and maintain a Departmental Occupant Emergency Program (OEP) in accordance with the provisions of the General Services Administration's (GSA) Federal Management Regulations (FMR 102-74.230 to 102-74.260) at 41 CFR 102-74.230 to 102-74.260 pertaining to the OEP.

d.              Serve as the principal Departmental official for coordinating and assisting in the establishment and continuation of a Department-wide emergency action program, to include emergency management, particularly as applicable to the requirements of E.O. 12656, Assignment of Emergency Preparedness Responsibilities.

e.              Serve as the principal Departmental official for matters involving security.

f.              Serve as Department’s senior official tasked with ensuring implementation and compliance with E.O. 12977, Interagency Security Committee (ISC), and the Department's support of Facility Security Committees, when applicable, in the performance of their duties.

g.               Conduct administrative investigations, solely as authorized under the authorities, functions, and responsibilities of OSY.

h.              Carry out and ensure compliance with delegated protective security services and law enforcement functions and ensure acceptable levels of law enforcement proficiency in connection with the protection of specific buildings, grounds, and property owned or occupied by the Department and only to the extent lawfully authorized, and by Delegation of Authority from the Department of Homeland Security to the Secretary pursuant to 40 U.S.C. § 1315.

i.             Directly manage the law enforcement and security programs of NIST, as such management is more operationally efficient, practical or economical to do so than any other alternative, in accordance with Section 2.03 of this DOO.

j.             Provide support to the Department’s facility managers on security matters related to facility management and provide advice and assistance to facility management staff as required for security purposes.

k.              Develop and establish site and/or operating unit specific security policies and procedures in support of delivery of client security services, consistent with Departmental security manuals, policy memorandums and directives.

l.                Carry out and ensure compliance with special security programs through designations of Special Security Officers (SSO), Special Security Representatives (SSR) and SCIF Control Officers (SCO) related to SCI and SCIFs in accordance with applicable Intelligence Community Directives (ICD), Intelligence Community Standards (ICS), and other special security policies, memoranda of agreement, and successor policies.

SECTION 4.  SPECIFIED AUTHORITY.

.01             In addition to the authority implicit in and essential to carrying out the functions hereby assigned, the Director shall:

a.               Ensure effective implementation of E.O. 13526, Classified National Security Information, as amended, or successor policy, as the senior agency official designated by the Secretary of Commerce (the Secretary) under the provisions of § 5.4(d) of that E.O. 

b.               Ensure effective implementation of E.O. 12968, Access to Classified Information, or successor policy, as the senior agency official designated by the Secretary under the provisions of § 6.1(a) of that E.O.

c.               Ensure effective implementation of National Security Presidential Memorandum (NSPM) 28, The National Operations Security Program, as the Departmental planner for operations security.

d.               Ensure effective implementation of E.O. 12829, National Industrial Security Program, or successor policy, as the senior agency official to direct and administer the Department’s implementation of and compliance with the National Industrial Security Program.

e.               Ensure the Department’s compliance with E.O. 10450, as amended, Security Requirements for Government Employment, and 5 CFR Part 732, National Security Positions, relating to investigative requirements and consultation on position designations.

f.                Ensure the Department’s compliance with E.O. 13467, as amended, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information.

g.               Ensure the Department’s compliance with E.O. 13488, as amended, Granting Reciprocity on Excepted Service and Federal Contractor Employee Fitness and Reinvestigating Individuals in Positions of Public Trust, or successor policy.

h.               Ensure effective implementation of Presidential Policy Directive 19 (PPD-19), Protecting Whistleblowers with Access to Classified Information, so that employees who have access to classified information can effectively report waste, fraud, and abuse, while protecting classified information.

i.                Coordinate with Office of the Chief Information Officer and pursuant to DOO 15-23, on the effective implementation of E.O. 13556, November 4, 2010, Controlled Unclassified Information, or successor policy.

j.                Ensure effective implementation of ICD, ICS, and other special security program agreements, policies and successor policies in coordination with the Department’s designated IC Cognizant Security Authority and Accrediting Official.

k.               Ensure effective support for the implementation of E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information; assisting the senior agency official designated by the Secretary under the provisions of § 2.1 of that E.O. to oversee classified information sharing and safeguarding efforts of the Department; and support to Departmental programs implementing the National Insider Threat Policy.

l.                Ensure effective support for E.O. 12656, Assignment of Emergency Preparedness Responsibilities, as the Department’s designated lead agent assisting the Emergency Coordinator, and responsible for developing and maintaining a multi-year, national security emergency preparedness plan for the department or agency to include objectives, programs, and budgetary requirements.

m.              Ensure effective implementation of and compliance with NSPM 33, which purpose is to strengthen protections of United States Government-Supported Research and Development (R&D) against foreign government interference and exploitation, or successor policy.

n.             Ensure effective implementation of PPD-40, National Continuity Policy, which directs the Secretary of Homeland Security through the Administrator of the Federal Emergency Management Agency (FEMA), through guidelines set forth in Federal Continuity Directive 1 (FCD-1), Federal Executive Branch National Continuity Program and Requirements, to assist the Department’s Continuity Coordinator, as the lead agent for the Department and primary point of contact with FEMA National Continuity Programs Directorate for Department continuity program matters.

o.            Ensure the effective implementation of NSPM 32, Presidential Critical Information Requirements.   

p.            Ensure effective implementation of E.O. 12977, Interagency Security Committee, as the Department’s Senior Official regarding the implementation and compliance with the Order. 

q.            Ensure effective implementation of authorities, such as protective security or law enforcement authorities, delegated by the Secretary of Homeland Security for the protection of public property pursuant to 40 U.S.C. § 1315. 

r.             Effectively implement and ensure compliance with security and law enforcement requirements, as applicable, of Chapter 1 of Title 10 of the Code of Federal Regulations for access to, and the protection of, safeguards information (SGI), safeguards information-modified handling (SGI-M) and nuclear and radioactive materials at DOC research and test reactors.

SECTION 5.  ORGANIZATION.

.01        The Director shall advise and represent the Deputy Assistant Secretary for Intelligence & Security on policies and procedures for operations and activities of the Department and provide guidance and assistance to Departmental offices and operating units on the protection of personnel, facilities, property, assets, and activities as well as classified and sensitive information.  Except for those functions maintained in the immediate Office of the Director, the functions of OSY shall be organized and carried out under the direction and supervision of the Director through the following security components:

a.          The Information Security Division consists of the Information and Special Security programs. Responsibilities include the management and oversight of all Departmental policies and procedures relating to the handling and safeguarding of classified NSI in accordance with E.O. 13526, as amended; management and oversight of the protection of SCI and SCIFs in accordance with ICDs and Standards, and other applicable laws, E.O.s, directives, regulations, and agreements; developing and implementing security awareness training; overseeing administrative investigations relating to violations of Department policies on safeguarding classified NSI on behalf of the Director for Security; overseeing the Department Industrial Security Program; overseeing the Department’s Foreign Travel Briefing program; overseeing the Department’s Operations Security program; and providing guidance and oversight of Departmental Communications Security through the implementation of the policies and procedures required to protect and use cryptographic keying material and equipment.

1.         The Information Security Program staff establish, implement and maintain policies, procedures and oversight for the safeguarding of collateral classified NSI.  Functions include: developing, coordinating and disseminating all Departmental policies and procedures related to the handling and safeguarding of classified NSI; Mandatory Declassification Review; developing professional standards and comprehensive national security information education and awareness program activities to enhance employee knowledge of classified NSI requirements, including personal protection, proper management of classified and sensitive information, and means of countering threats to Departmental facilities and personnel; conduct administrative investigations; administer the provisions of the National Industrial Security Program as set forth in the 32 CFR Part 117, National Industrial Security Program Operations Manual; managing the Department’s Foreign Travel Briefing program by developing and providing defensive foreign travel briefings to covered individuals within the Department; administers the Department’s OPSEC program and assist operating units with OPSEC program development and maintenance; and provide oversight of Departmental Communications Security through the implementation of the policies and procedures required to protect and use cryptographic keying material and equipment.  Program staff also maintain liaison with operating unit program managers during the contract, award, and grant process where performance will be accomplished by classified contractors who require access to classified information, and coordinate Facility Clearance status.

2.         The Special Security Program staff establish, implement and maintain policies, procedures and oversight of the protection of SCI material and SCIFs.  Functions include, but are not limited to, SCIF oversight and management and the delegation of daily SCIF management; SCI indoctrination briefings and SCI debriefings; SCI and SCIF security awareness training; liaising with SCIF Accreditation Official on SCIF and SCI security matters; overseeing or conducting annual SCIF inspections; transmitting and processing SCI access information for incoming or outgoing visit requests; and ensuring Department compliance with ICD security doctrine.

b.         The Personnel Security Division consists of Personnel Security Program.  Responsibilities include: receiving and processing requests for personnel security clearances for job applicants, employees, and other individuals requiring access to classified national security information at any Department location worldwide; receiving and processing requests for access to SCI in coordination with the IC Cognizant Security Authority; requesting investigations for security clearances in accordance with E.O. 10450, as amended, E.O. 12968 and 5 CFR Chapter 1, Parts 731, 732, and 736; reviewing the closed investigation received from the Investigation Service Provider and determine if a favorable adjudication can be made in connection with the issuance of certificates of security clearance, the imposition of security restrictions on individuals, and other decisions affecting security clearances; taking action as appropriate, on withholding or withdrawing the security clearance of job applicants, employees, contractors, grantees, or other individuals, and, for employees, recommending action under the provisions of 5 U.S.C. § 7312 and 7531-32 and E.O.s 12968 and 10450, as amended; as requested by responsible Department officials, assisting in the verification, review and evaluation of adverse information concerning Department employees, job applicants, and other individuals for the purpose of making suitability determinations (in accordance with 5 CFR Part 731) and Security Executive Agent Directives (SEADs), established by the Director of National Intelligence as Security Executive Agent for uniform policies and procedures governing the conduct of investigations and adjudications for eligibility for access to classified information; and reviewing, evaluating, and taking appropriate action under the provisions of E.O. 10450, as amended, and E.O. 12968, with regard to any notifications of investigation of employee misconduct received by the Director from the Office of Inspector General.

c.         The Continuity, Policy, and Operations Division consists of the Continuity Policy, Operations, and Mission Resilience programs. Responsibilities include: managing the Department National Operations Center housed in the HCHB; overseeing the Occupant Emergency Program for the Department; assisting with the Department’s continuity missions by supporting the Continuity of Government and Continuity of Operations essential functions as required by PPD-40, FCD-1, FCD-2, and NSPM-32 while also facilitating the involvement of the Department’s leadership in interagency senior level exercises associated with the National Exercise Program; supporting mission resilience through interagency policy coordination and incident management, and ensuring the viability of continuity plans through the oversight of the Test, Training, and Exercise (TT&E) program.

d.         Client Security Services consists of the Herbert C. Hoover Building (HCHB) Security Office and all other OSY security offices reporting to the Director for Client Security Services.

1.         The Herbert C. Hoover Building (HCHB) Security Office staff establish and maintain HCHB security procedures including oversight of the HCHB protective services; install, operate and maintain electronic security systems (i.e. Physical Access Control Systems, Intrusion Detection Systems, and Video Surveillance Systems); coordinate security for non-standard building events; maintain a Security Operations Center; maintain a service center to provide fingerprinting services; issue Homeland Security Presidential Directive 12 (HSPD-12) compliant Personal Identity Verification Cards and lifecycle management services; perform key and lock services; process foreign national visitor requests; assist with protective operations for visiting dignitaries in HCHB; oversee the HCHB Occupant Emergency Plan; oversee response and follow- up to building incidents; and conduct crime prevention programs and implementation of procedures to protect persons and property.

2.         The OSY security offices staff shall be responsible for conducting risk assessments at Department owned or leased properties; providing security program management and oversight to operating units including implementing and maintaining a program of reviews, in conjunction with the Plans, Programs and Compliance Division, throughout the Department to ensure appropriate compliance with all security policies promulgated by OSY; providing special security officer, special security representative, and site security manager functions, as delegated, related to the implementation of the special security program and the daily management of SCIFs; coordinating searches pursuant to written Department policy and as required of the OSY Police Services Group pursuant to Section 3.01. of this DOO, evacuations, and other procedures to protect persons, property and information; overseeing the emergency responses of security incidents at all Departmental facilities and coordinating with operating units when appropriate; conducting initial inquiries when a potential violation of security policies or procedures has been reported, and, if verified, conducting follow-on administrative investigations; conducting a comprehensive security education and awareness program to enhance employee knowledge of security requirements; facilitating requests for personnel security clearances for job applicants, employees, and other individuals requiring access to classified national security information at any Department location worldwide; facilitating requests for access to SCI in coordination with the OSY Personnel Security Division; reviewing background investigations for fitness determinations for Department contractors; processing access requests for foreign national visitors and guests in accordance with DAO 207-12; and providing other security services as prescribed in section 2.03 of this Order based on a risk determination and/or when it is more operationally efficient, practical, or economical to consolidate them at the Department.  Staff also support the delivery of services to the International Trade Administration, United States and Foreign Commercial Service; and, in conjunction with the Department of State, coordinates the provisions of all State-Commerce security agreements.

e.         The Project and Administrative Management Division and its related program staff provide strategic solutions for Departmental issues including budget, personnel, training, procurement, property management, and administration support to enable OSY to perform its functions more efficiently.

f.          The Plans, Programs and Compliance Division and its related support and program staff: manages the Department’s physical security programs; provides oversight of a comprehensive security compliance and inspection program responsible for ensuring proper alignment with Federal security requirements (e.g. E.O. 12977, Interagency Security Committee and 41 C.F.R. Parts 102-72 and 102-81) and other stakeholder guidelines; manages the Department’s foreign access management and research security programs; coordinates the development and updates to policies/procedures, performance metrics, non- financial internal controls, and responses to Freedom of Information Act as well as Privacy Act requests; conducts periodic compliance reviews of all open administrative investigations; develops a training program that ensures personnel engaging in administrative investigations receive appropriate training on records procedures, and regular training on civil rights, civil liberties, privacy and data collection, implicit bias, and related issues; ensures that all data relating to administrative investigations is collected, retained, and destroyed in accordance with applicable laws and regulations; ensures, in collaboration with the Department’s Office of Privacy and Open Government, that appropriate Privacy Act systems of records are established and records retention schedules are developed.

1.          The Physical Security Program staff coordinates physical security initiatives related to HSPD-12 regarding policies for a common identification standard for Federal employees and contractors; administers the official badge and credential program; ensures compliance with Federal standards and regulations regarding the physical protection of the agency’s facility, property, and personnel assets; evaluates and certifies risk assessment surveys; prioritizes the physical security effort; and provides guidance to facility security assessors and senior leadership to ensure countermeasure recommendations are in concurrence with the ISC Risk Management Process.

SECTION 6.  EFFECT ON OTHER ORDERS.

.01          This Order supersedes Department Organization Order 20-6, dated November 30, 2022.

.02          Nothing in this Order shall have the effect of, or be construed as, an exception to the responsibility and authority of the Office of the General Counsel under DOO 10-6, “Office of the General Counsel” for policy and operating guidance on legal matters.  With respect to such security matters that involve legal issues, the Director for Security shall consult with the Office of the General Counsel.

.03          Nothing in this Order shall have the effect of, or be construed as, an exception to the responsibility and authority of the Department's Office of Inspector General under DOO 23-1, “Office of the Inspector General” to conduct investigations to prevent and detect fraud, waste, and abuse.  With respect to such security matters that involve such issues, the Director for Security shall consult with the Office of Inspector General, which has the right of first refusal in investigating allegations involving any Department employee, contractor, or grantee.

 

Signed By: Chief Financial Officer and Assistant Secretary for Administration