NARA weighs standardizing access rules for foreign vendors seeking secret data

A government office that oversees the policy behind a federal program to secure classified national security information held by contractors has proposed additional guidelines for how some highly sensitive data could be released to government contractors under foreign ownership or control.

The National Archives and Records Administration’s (NARA)  Information Security Oversight Office (ISOO) has proposed a rule that would standardize the process through which some categories of classified information can be released to non-U.S. contractors under a Special Security Agreement (SSA). SSAs are arrangements used by the government to mitigate the foreign ownership or control of contractors that require access to sensitive data.

The proposed rule focuses on “proscribed information” that includes Top Secret, Communications Security, Restricted Data, Special Access Program, or Sensitive Compartmented Information. Currently, there isn't a governmentwide standard for the release of those types of data to foreign controlled or owned contractors under SSAs, according to the proposed rule published in the Federal Register Nov. 30.

By executive order, the ISOO is responsible for policy oversight of the National Industrial Security Program (NISP), a partnership between the government and industry to safeguard classified information.

“The NISP was established with the goal of a single, integrated, cohesive industrial security program to both protect classified information and to preserve our nation's economic and technological interests,” William Bosanko, director of ISOO, said in an e-mail message.

Bosanko said,“While the NISP has resulted in significant improvements, the truth is that both government and industry can — and must — do better. The proposed rule was developed with input from agencies as well as industry via the National Industrial Security Program Policy Advisory Panel. This represents just one small step in our efforts to seek a more efficient and effective NISP.

The proposal would amend current federal regulations related to the NISP program. Under the proposal, departments and agencies would be required to assess whether releasing proscribed information to contractors with or in the process of getting an SSA is consistent with national security interests before authorizing access. The evaluation would be named a National Interest Determination (NID).

The NID requirement would apply to new contracts and to existing contracts when companies seek an SSA after being bought by non-U.S. organizations. Decisions would ordinarily be made within 30 or 60 days depending on the situation, according to the proposed rule.

Comments on the proposed rule are being accepted until Jan. 29, 2010.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.