NARA weighs standardizing access rules for foreign vendors seeking secret data

A government office that oversees the policy behind a federal program to secure classified national security information held by contractors has proposed additional guidelines for how some highly sensitive data could be released to government contractors under foreign ownership or control.

The National Archives and Records Administration’s (NARA)  Information Security Oversight Office (ISOO) has proposed a rule that would standardize the process through which some categories of classified information can be released to non-U.S. contractors under a Special Security Agreement (SSA). SSAs are arrangements used by the government to mitigate the foreign ownership or control of contractors that require access to sensitive data.

The proposed rule focuses on “proscribed information” that includes Top Secret, Communications Security, Restricted Data, Special Access Program, or Sensitive Compartmented Information. Currently, there isn't a governmentwide standard for the release of those types of data to foreign controlled or owned contractors under SSAs, according to the proposed rule published in the Federal Register Nov. 30.

By executive order, the ISOO is responsible for policy oversight of the National Industrial Security Program (NISP), a partnership between the government and industry to safeguard classified information.

“The NISP was established with the goal of a single, integrated, cohesive industrial security program to both protect classified information and to preserve our nation's economic and technological interests,” William Bosanko, director of ISOO, said in an e-mail message.

Bosanko said,“While the NISP has resulted in significant improvements, the truth is that both government and industry can — and must — do better. The proposed rule was developed with input from agencies as well as industry via the National Industrial Security Program Policy Advisory Panel. This represents just one small step in our efforts to seek a more efficient and effective NISP.

The proposal would amend current federal regulations related to the NISP program. Under the proposal, departments and agencies would be required to assess whether releasing proscribed information to contractors with or in the process of getting an SSA is consistent with national security interests before authorizing access. The evaluation would be named a National Interest Determination (NID).

The NID requirement would apply to new contracts and to existing contracts when companies seek an SSA after being bought by non-U.S. organizations. Decisions would ordinarily be made within 30 or 60 days depending on the situation, according to the proposed rule.

Comments on the proposed rule are being accepted until Jan. 29, 2010.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.