DEPARTMENT OF THE AIR FORCE     AFAC 92-48
Headquarters US Air Force
Washington DC  20330     MAY 17, 1995

        AIR FORCE ACQUISITION CIRCULAR

This Air Force Acquisition Circular (AFAC) is issued pursuant to the authority of FAR 1.301.  Reproduction is authorized.

POLICY CHANGES/INFORMATION

        Item    	Title 						 	Pages

Section C, Information Items

        C1      Implementation of the National Industrial Security      		C-1
                        Program Operating Manual (NISPOM)
                        (SAF/AA Memo, 17 May 1995)

Section D, FAR Changes

        D1      Class Deviation - National Industrial Security 			 D-1
                        Program Operating Manual
	          (DDP Memo, 12 May 1995; DAR Tracking Number 95-O0004)

INSTRUCTIONS

GENERAL--

File this AFAC 92-48 Index (2 pages) with the AFACs.

ITEM C1 --

GENERAL:  This AFAC item disseminates SAF/AA memorandum dated 17 May 1995.  This memorandum contains a summary of changes in the industrial security program as a result of the replacement of the DoD Industrial Security Manual (ISM) with the National Industrial Security Program Operating Manual (NISPOM).  As noted in the memorandum, certain of the security program changes resulting from the implementation of the NISPOM may result in a reduction in the cost of contractor industrial security programs.  A similar letter has been sent through security channels to MAJCOM industrial security program managers.

FILING INSTRUCTION:  File AFAC pages C-1 through C1.3 with the AFACs.

POSTING INSTRUCTIONS:  None.

MARKING INSTRUCTIONS:  None.

EFFECTIVITY INSTRUCTIONS:  This is an informational AFAC item.

                           
No. of Printed Pages: 14
OPR:SAF/AQCF
Distribution: F (Same as FAR)
2       May 17, 1995    AFAC 92-48

ITEM D1--

GENERAL: This AFAC item is a class deviation providing interim changes to the FAR to reflect the applicability of the National Industrial Security Program Operation Manual (NISPOM), which has replaced the DoD Industrial Security Manual (ISM).  Contracting officers shall include the revised clause at 52.204-2, Security Requirements, in all solicitations subject to FAR 4.404 that are issued on or after 12 May 1995.  The decision to amend existing solicitations and contracts  shall be made on a case-by-case basis in consultation with the activity security manager.  Any changes in cost resulting from the implementation of the NISPOM should be considered in accordance with paragraph (c) of the clause at 52.204-2, Security Requirements. 

FILING INSTRUCTIONS: File AFAC page D-1 with the AFACs.

POSTING INSTRUCTIONS: Insert AFAC pages as follows:

        (i) Page D-1.1/D-1.2 between FAR pages 4-2 and 4-3;

        (ii) Page D-1.3 facing FAR page 27-5; and

        (iii) Page D-1.4 facing FAR page 52-14.

MARKING INSTRUCTIONS: Annotate Deviation - AFAC 92-48, D1 in the margin at each of the following locations in the FAR:

        (i) Page 4-2 at 4.402 and 4.403;

        (ii) Page 4-3 at 4.404;

        (iii) Page 27-5 at 27.207-1(b); and

        (iv) Page 52-14 at 52.204-2.

EFFECTIVITY INSTRUCTIONS:  This AFAC item is effective from 12 May 95 until 31 May 1996, or until the FAR is revised, whichever event occurs first.
AFAC 92-48      May 17, 1995    C-1

        DEPARTMENT OF THE AIR FORCE
        WASHINGTON DC

Office of the Secretary

                                                                                MAY 17, 1995


MEMORANDUM FOR SAF/AQC

FROM:  SAF/AA

SUBJECT:        Implementation of the National Industrial Security Program                      Operating Manual (NISPOM)

     Since the NISPOM was printed and distributed in February, our contractors have been anxious to change their current contracts and adopt the new procedures.  Thank you for taking the lead in developing the Air Force approach and proposing and staffing necessary changes to the Defense Acquisition Regulations. Your prompt action has helped shorten the time it will take for these new security procedures to be implemented.

     Your action officers asked for a summary of differences between the NISPOM and the Defense Industrial Security Manual. We have attached a list prepared by the Defense Investigative Service. This list has also been provided to our MAJCOM industrial security program managers. If there is any other information or assistance we can provide to help you with implementation of the NISPOM, please contact me or my Industrial Security POC, Mr. Gene White at extension 70483.


                                                                /s/
                                                                WILLIAM A. DAVIDSON
                                                                Administrative Assistant


Atch: NISPOM/DISM Differences
AFAC 92-48      May 17, 1995    C-1.1

Although the following list does not include all differences between the NISPOM and the DISM, these are the more significant changes. Those changes that might result in a reduction of contractor costs are identified by an asterisk.


1-101a - Identifies E.O. 12829 as establishing the National Industrial Security Program (NISP).

1-101b - Changes responsibility from DUSD(SP) to SECDEF.  DoE, NRC, and CIA remain responsible for portions applying to their programs.

l-104a - Introduces the term Cognizant Security Agency (CSA) - DoD, DoE, NRC or CIA.

1-201 - Deletes wording that places security responsibility on SeniorManagement Officials.

1-107 - Requests for waivers and exceptions must be submitted through government channels approved by the CSA.

*1-202 - SPP only required when FSO and/or CSO determine it to be necessary.

1-207 - Changes security inspections to security reviews.

*l-207a1 - Security reviews will be no more frequent than once every 12 months unless special circumstances exist.

*l-207a3 - Establishes Reciprocity - Attempts to eliminate instances of redundant security reviews.

*3-102 - Only FSOs at facilities with storage capability are required to attend the FSO program management course. FSO training is to be accomplished within one year.

3-103 - Establishes the requirement for the SF 312 (Classified Information Nondisclosure Agreement) to be executed, witnessed and forwarded to the CSA for retention.

4-200 - The following warning notice marking paragraphs have been deleted: restricted data notice; formerly restricted data notice; critical nuclear weapon design information; dissemination and reproduction notices; foreign government information; NATO; and intelligence information.

4-210 - The requirements to mark paragraph portions on the following special types of material paragraphs have been deleted: artwork; charts, maps, drawings, and tracings; decks of automated information systems punched cards; continuous form (fan folded or rolled) documents produced by AIS equipment; motion picture films; photographs; recordings; removable AIS storage media; and transparencies and slides.

5-100 - Adds statement that individuals are responsible for safeguarding classified information entrusted to them thus eliminating the need for the  
C-1.2   May 17, 1995    AFAC 92-48

"old" ISM paragraphs addressing safeguarding during use and responsibility of custodians.

*5-102 - Deletes the requirements for the end of day "double check" system.

5-100 - The requirements for removal to residence and safeguarding bulky material have been deleted from this paragraph.

*5-201 - Eliminates the document accountability system for secret material but requires that an information management system be established that is capable of retrieving and disposing of classified material in a reasonable period of time.

5-202- Establishes requirement for external receipt and dispatch records for secret and confidential material.

5-203a - Establishes requirement for the designation of a top secret control official to receive, transmit, and maintain access and accountability records for top secret material.  Establishes requirement for annual inventory of top secret which can be waived by the GCA.

*5-205a - Eliminates the requirement to maintain a record of secret documents generated by the contractor (secret working papers).

5-701a - Increases the authorized retention period from 120 days to 180 days if a bid, proposal or quote is not submitted or withdrawn.

5-701b - Increases the authorized retention period from 120 days to 180 days after notification that a bid, proposal or quote has not been accepted.

5-701c - Increases the authorized retention period from 120 days to 2 years after final delivery of goods and service or after completion or termination of the classified contract.

5-701d - Increases the authorized retention period from 120 days to one year if the classified material was not received under a specific contract.

5-702 - Allows automatic 2 year retention of classified material after completion of the contract unless the GCA advises to the contrary.

*5-702a(2) - Establishes the requirement that secret and confidential material may be identified for retention by general subject and number of copies.

5-702b - Deletes the requirement to submit a copy of the retention justification correspondence to both UAs when transferring material to another contract.

5-705 - Deletes the requirement for CSO written approval for destruction other than by burning. NISPOM only requires the approval of the CSA for destruction of classified material in microfilm by any means other than burning or chemical decomposition.
AFAC 92-48      May 17, 1995    C-1.3

*5-706 - Decreases the number of persons required for the destruction of secret material from two to one.

*5-707 - Eliminates the requirement for destruction records for secret material.  Also decreases the retention period of top secret records from 3 years to 2 years.

*7-102b - Increases the period that facility clearances and safeguarding capability verifications remain valid from 1 year to 3 years.

7-100 - The ISM section, Preparation of the DD Form 254, has been removed from this chapter.
AFAC 92-48      May 17, 1995    D-1


        OFFICE OF THE UNDER SECRETARY OF DEFENSE

        3000 DEFENSE PENTAGON
        WASHINGTON DC 20301-3000

                                                                                MAY 12, 1995

DP (DAR)
                                                        In reply refer to
                                                DAR Tracking Number: 95-O0004

MEMORANDUM FOR DIRECTORS OF DEFENSE AGENCIES
                        DEPUTY FOR ACQUISITION AND BUSINESS                         MANAGEMENT, ASN(R&D) / ABM
                                DEPUTY ASSISTANT SECRETARY OF THE AIR FORCE                               (CONTRACTING), SAF/AQC
                        DIRECTOR, PROCUREMENT POLICY, ASA (RD&A) /
                                  SARD-PP 
                                DEPUTY DIRECTOR (ACQUISITION), DEFENSE                                                     LOGISTICS AGENCY

SUBJECT:        Class Deviation - National Industrial Security Program                  Operating Manual


      Effective immediately, all military departments and defense agencies shall use the attached text and clause that replaces all references to the DoD Industrial Security Manual for Safeguarding Classified Information (DoD 5220.22-M) with the National Industrial Security Program Operating Manual (NISPOM).

      The National Industrial Security Program was established by Executive Order 12829.  The operating manual for the program replaces the DoD Industrial Security Manual.

      This class deviation is approved for a one year period ending May 31, 1996, or until the FAR is revised, whichever event occurs first.


                                                                Signed
                                                                Eleanor R. Spector
                                                                Director, Defense Procurement

Attachment

cc:  DSMC, Fort Belvoir
AFAC 92-48      May 17, 1995    D-1.1

        PART 4 -- ADMINISTRATIVE MATTERS

        *****

        SUBPART 4.4--SAFEGUARDING CLASSIFIED INFORMATION WITHIN INDUSTRY

4.401 Definitions.
        No change.

4.402  General. 

  (a) [Executive Order 12829, January 6, 1993 (58 FR 3479, January 8, 1993), entitled National Industrial Security Program,  establishes a program to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Executive Order 12829 amends] Executive Order 10865, February 20, 1960 (25 FR 1583, February 25, 1960), entitled "Safeguarding Classified Information Within Industry," as amended by Executive Order 10909, January 17, 1961 (26 FR 508, January 20, 1961).

  (b) The [National Industrial Security Program Operating Manual (NISPOM) incorporates] the requirements of these Executive Orders  [The Secretary of Defense in consultation with all affected agencies and with the concurrence of the Secretary of Energy, the Chairman of the Nuclear Regulatory Commission and the Director of Central Intelligence is responsible for issuance and maintenance of this manual.] The following DoD publications implement the program:

        [(1) National Industrial Security Program Operating Manual (NISPOM) (DoD 5220.22-M)]

        ([2]) Industrial Security Regulation (ISR) (DoD 5220.22-R).

          (c) Procedures for the protection of information relating to foreign classified contracts awarded to U.S. industry, and instructions for the protection of U.S. information relating to classified contracts awarded to foreign firms, are prescribed in [Chapter 10 of the NISPOM].

  (d) No Change.

4.403  Responsibilities of contracting officers. 

  (a) No change.

        (1) No change.

                (i) Determine if the agency is covered by the [N]ISP; and

                (ii) No change.

        (2) No change.
 
  (b) No change.

        (1) Ensure that the classified acquisition is conducted as required by the [N]ISP or agency procedures, as appropriate; and  
D-1.2   May 17, 1995    AFAC 92-48


      (2) No change.

  (c) No change.

      (1) Agencies covered by the D[N]ISP shall use the Contract Security Classification Specification, DD Form 254.  The contracting officer, or authorized representative, is the approving official for the form and shall ensure that it is prepared and distributed in accordance with the ISR.

      (2) Contracting officers in agencies not covered by the [N]ISP shall follow agency procedures.

4.404  Contract clause. 

  (a) through (c) - No change.

  (d) If the contracting officer(sic - should still be agency) is not covered by the [N]ISP and has prescribed a clause and alternates that are substantially the same as those at 52.204-2, the contracting officer shall use the agency-prescribed clause as required by agency procedures.
D-1.3   May 17, 1995    AFAC 92-48


        PART 27 -- PATENTS, DATA, AND COPYRIGHTS

        *****

        SUBPART 27.2 -- PATENTS

        *****

27.207  Classified contracts. 

27.207-1  General. 

  (a) No Change.

  (b) Upon receipt from the contractor of a patent application, not yet filed, that has been submitted by the contractor in compliance with paragraph (a) or (b) of the clause at 52.227-10, Filing of Patent Applications--Classified Subject Matter, the contracting officer shall ascertain the proper security classification of the patent application.  Upon a determination that the application contains classified subject matter, the contracting officer shall inform the contractor of any instructions deemed necessary or advisable relating to transmittal of the application to the United States Patent Office in accordance with procedures in the [National Industrial Security Program Operating] Manual.  If the material is classified "Secret" or higher, the contracting officer shall make every effort to notify the contractor of the determination within 30 days, pursuant to paragraph (a) of the clause.

AFAC 92-48      May 17, 1995    D-1.4


        *****

        PART 52 -- SOLICITATION PROVISIONS AND CONTRACT CLAUSES

        *****

52.204-2  Security Requirements 

        As prescribed in 4.404(a), insert the following clause in solicitations and contracts when the contract may require access to classified information, unless the conditions specified in 4.404(d) apply:

        SECURITY REQUIREMENTS (APR 1984) [(DEVIATION)]

        (a) No change.

        (b) The Contractor shall comply with (1) the Security Agreement (DD Form 441), including the [National] Industrial Security [Program Operating] Manual (DoD 5220.22-M), and (2) any revisions to that manual, notice of which has been furnished to the Contractor.

        (c) No Change.

        (d) No change. 

(End of clause)