Example: dental hygienist

Operations Security (OPSEC) Guide for Defense Contractors

DISTRIBUTION STATEMENT A: Approved for public release; distribution is unlimited Developed by: Security Office (Code 00SO) Naval Undersea Warfare Center Division Keyport Keyport, WA 98345-7610 Operations Security (OPSEC) Guide for Defense Contractors Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) ii REVISION HISTORY Revision Date Summary of Changes N/A 10/1/2013 Original issue Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) iii TABLE OF CONTENTS Page Revision ii Table of iii 1 Definitions.. 1 OPSEC 1 Section I: Contractor OPSEC 3 Section II: OPSEC Training 5 Section III. Contractor Developed OPSEC 5 7 10 16 16 Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) 1 1. Purpose. This document provides Operations Security (OPSEC) guidance to Government Contractors , , corporations and businesses and independent Contractors awarded government work for Naval Undersea Warfare Center Division (NUWCDIVKPT) Keyport, Washington, and our detachments, other military facilities and installations, and aboard US Navy vessels and aircraft.

provided this guidance to ensure compliance and protection of National Security Information. 2. Definition. OPSEC is an analytical process to identify Critical Information (CI), identify threats to that CI and the related vulnerabilities and risks of exploitation to that CI, and identify, develop, and implement countermeasures to protect that CI.

Tags:

  Guidance

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of Operations Security (OPSEC) Guide for Defense Contractors

1 DISTRIBUTION STATEMENT A: Approved for public release; distribution is unlimited Developed by: Security Office (Code 00SO) Naval Undersea Warfare Center Division Keyport Keyport, WA 98345-7610 Operations Security (OPSEC) Guide for Defense Contractors Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) ii REVISION HISTORY Revision Date Summary of Changes N/A 10/1/2013 Original issue Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) iii TABLE OF CONTENTS Page Revision ii Table of iii 1 Definitions.. 1 OPSEC 1 Section I: Contractor OPSEC 3 Section II: OPSEC Training 5 Section III. Contractor Developed OPSEC 5 7 10 16 16 Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) 1 1. Purpose. This document provides Operations Security (OPSEC) guidance to Government Contractors , , corporations and businesses and independent Contractors awarded government work for Naval Undersea Warfare Center Division (NUWCDIVKPT) Keyport, Washington, and our detachments, other military facilities and installations, and aboard US Navy vessels and aircraft.

2 Government Contractors are provided this guidance to ensure compliance and protection of National Security Information. 2. Definition. OPSEC is an analytical process to identify Critical Information (CI), identify threats to that CI and the related vulnerabilities and risks of exploitation to that CI, and identify, develop, and implement countermeasures to protect that CI. CI is specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment. CI includes those facts, which individually, or in the aggregate, reveal sensitive details about US Government and/or NUWCDIVKPT or, the contractor s Security or Operations related to the support or performance of the Statement of Work (SOW)/Performance Work Statement (PWS), and thus require a level of protection from adversarial collection or exploitation not normally afforded to unclassified information.

3 OPSEC supplements, but does not replace traditional Security practices such as Physical Security and Information Security . OPSEC is essential to ensure the initial and continued success of our mission, Operations , systems, and procedures. 3. OPSEC Applicability. The NUWCDIVKPT OPSEC Program Manager has determined that additional safeguards are essential for specific contracts, and imposes OPSEC as a requirement in addition the standard requirements for participation in the National Industrial Security Program Operating Manual (NISPOM). Contractors must adhere to the guidance stipulated in SECTIONS I and/or, II or III below when Statements of Work specify OPSEC requirements during the performance of work. The Government has determined that OPSEC is required during the performance of this contract because: a. The Contractor requires long or short-term physical access to NUWCDIVKPT, our facilities or vessels, aircraft or other government facilities, therefore the minimum OPSEC requirements specified in Section I apply.

4 This includes but is not limited to: (1) Contractor personnel who require intermittent or short-term access, such as; construction, installation and repair crews, recurring visitors, some route delivery personnel, those attending multiple meetings, conducting inspections, onsite training, or requiring physical access to other government systems, sites, vessels and/or aircraft on behalf of NUWCDIV Keyport, (Section I applies) and/or; (2) Require continuous access, such as ALL embedded Contractors , direct support personnel, maintenance and/or janitorial services and those viewing or participating in sensitive Operations , (Sections I and II apply) or; Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) 2 (3) With direct or indirect access to Government CI; base logistics services, photography, recording, surveying, printing, graphics design, and/or reproduction services of government information or material (Section I and II apply) or; b.

5 The contract includes Government supplied material for production of sensitive unclassified material or components including: Tools, Technical Drawings and/or Technical Data, or; Military Critical Technologies List, and/or Dual-Use Technology items, including Commercial Off The Shelf (COTS) technology adapted for specific military applications. Applicable paragraphs of Section I and/or II apply where there is no specific OPSEC plan or requirements to develop one; (1) The contractor shall follow all applicable Security rules and regulations to protect its proprietary information and that of the government. Public release or release to third parties of government information provided is not authorized without government approval. c. The contract is for production of items which may have an established OPSEC plan or; Program Protection Plans and/or; when a contract includes or develops Government Critical Information.

6 Therefore, the minimum OPSEC requirements specified in Section III apply. (1) OPSEC is usually required in system acquisition ( , weapon systems, electronic countermeasures, radio transmitters, active sensors, or low observable capabilities) or sensitive activities (such as intelligence Operations or testing of foreign materials), particularly if such contracts involve special access. (2) The contractor may use or produce, Government Critical Information (CI) and/or Observables and Indicators which may lead to discovery of CI. In which case basic OPSEC awareness and measures should be implemented. d. In cases where there is question as to the proper application of elements of this Guide , the NUWDIVKPT OPSEC Program Manager should be consulted. Deviation from this guidance is not authorized without approval. The NUWCDIVKPT OPSEC Program Manager can be reached at (360) 396-5345.

7 4. Cost Associated with OPSEC Requirements. Any cost associated with compliance with these requirements shall be included in the contractor s response to the Invitation for Bids or Request For Proposal with the contractor s other cost to provide the required supply or service. Costs may include, but are not limited to, Public Key or encryption software for email communications. Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) 3 I. GENERAL CONTRACTOR OPSEC REQUIREMENTS During the course of this contract, in addition to those restrictions, instructions and guidelines delineated in the contract Statement of Work, Contract Data Requirements List (CDRL), and/or other references provided, the contractor will adhere to the following minimum requirements in support of NUWCDIVKPT OPSEC Program: a. Introduction of personnel electronic devices into government spaces, laptops, tablet PCs, cellular phones, cameras, recording devices, and data recording/storage devices is STRICTLY controlled and forbidden in most cases.

8 Company issued equipment required for the performance of work must be approved by the NUWCDIVKPT and/or government Security Officer. Photography and recording is not allowed except for official use and by permit only. (Unless otherwise stipulated in the contract, contact the Installation Security Officer for approval.) Photographs will be reviewed by Security to ensure sensitive and/or classified information is not revealed. b. Contractor personnel shall not discuss government Operations in public or over unprotected or unencrypted communications. Official Business, controlled unclassified information may only be transmitted as directed in the SOW/PWS. c. The Contractor shall not post to company websites, publications, newsletters or other media any images, data or information that reveal sensitive government Operations , personnel, equipment, and/or classified or controlled unclassified information, refer to paragraph (d) below.

9 When in doubt, company press releases related to this contract should be coordinated through the Contracting Officer Representative (COR) or Technical Point of Contact, as applicable. d. Because observation of events, Operations , physical changes, etc. may reveal National Security information, specific restrictions are needed to preclude unintentional release of this information to unauthorized parties. (Unauthorized disclosure and transfer of National Security Information is punishable under 18 USC 793.) Therefore, contractor personnel shall not disclose to unauthorized third parties, post to unofficial sites (including Social Networking sites) any images, data or information, or observed events that reveal sensitive government Operations , personnel, equipment, including, but not limited to: (1) Tactics, techniques and procedures, production or work schedules, any visible or concealed modifications, upgrades, additions to vessels, aircraft, or weapons or equipment; increases, change, or decreases in work/deployment frequency or government personnel, vehicle, vessel or aircraft movements; specialized equipment orders, deliveries, shipments, etc.

10 , Unauthorized disclosures and attempts to solicit this type of information by unauthorized third parties or others not affiliated with this contract shall be reported to the NUWCDIVKPT and/or installation Security Office, contract point of contact, and your company Facility Security Officer and/or the Defense Security Operations Security (OPSEC) Guide for Defense Contractors (1 OCT2013) 4 Service. Non-Disclosure requirements remain in effect during the duration of this contract and indefinitely thereafter. e. Government issued badges, identification shall be removed and/or concealed from plain sight when off station and shall not be left in vehicles or unprotected. Badges and passes may not be duplicated or copied or loaned to others. Lost or stolen identification badges, vehicle passes etc. will be immediately reported to the NUWCDIVKPT and/or installation Security Office. f.


Related search queries