Classified Information and Personnel Security Clearances

I. SCOPE

This policy applies to every employee, student, and consultant of George Mason University working in classified research or otherwise involved with classified materials.

II. POLICY STATEMENT

George Mason University has entered into a legal and binding agreement with the U.S. Government which makes us eligible to perform work on classified contracts for certain agencies of the government and for prime contractors doing business with the government. Work of this nature may involve information, material and knowledge which has a direct bearing on the defense of the nation.

The purpose of this policy is to assure compliance with all laws and regulations governing the use of classified materials.  The rules, guidelines and instructions contained in the procedures section have been developed to assure that all members of the university adhere to the agreement by affording proper protection for all classified information entrusted to us.

No employee or official of this University will be granted access to classified information because of his/her position.  Certain employees and officials will be officially cleared for access to classified information based on work they are expected to perform in conjunction with classified contracts or sub-contracts.

Employees and officials who have been granted security clearances are the only individuals who will be granted access to classified information.

Employees and officials who have been granted security clearances will be subject to continued investigation to detect, deter and mitigate the risk of an insider threat.

No uncleared employee shall make any effort to gain knowledge of classified information and if such knowledge is made available he/she shall report such facts immediately to the Facility Security Officer.

No classified research may be conducted at any university facility, nor can discussions of a classified nature be held anywhere on university property without advance coordination with the Facility Security Officer.

III. DEFINITIONS

Access– The ability and opportunity to obtain knowledge of classified information.
Authorized Persons – A person who has a need-to-know for classified information in the performance of official duties and who has been granted a clearance at the required level.
Classified Contract – Any contract requiring access to classified information by a contractor or his or her employees in the performance of the contract. (A contract may be a classified contract even though the contract document is not classified.) The requirements prescribed for a “classified contract” also are applicable to all phases of precontract activity, including solicitations (bids, quotations, and proposals), precontract negotiations, and post-contract activity
Classified Information – Official information that has been determined to require protection against unauthorized disclosure in the interest of national security and which has been so designated.
Confidential – The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause damage to the national security.
Contractor – Any industrial, educational, commercial, or other entity that has been granted a facility security clearance by a cognizant security agency.
Information – Any knowledge that can be communicated or documentary material, regardless of its physical form or characteristics.
Insider –  Cleared contractor personnel authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks, and systems.
Insider Threat –  The likelihood, risk, or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the national security of the United States.  Insider threats may include harm to contractor or program information, to the extent that the information impacts the contractor or agency’s obligations to protect classified national security information.
Material – Any product or substance on or in which information is embodied.
National Industrial Security Program Operating Manual (NISPOM) 37 CFR 117 – This manual implements the National Industrial Security Program by prescribing the requirements, restrictions and other safeguards to prevent unauthorized disclosure of classified information.
Need-to-know – A determination made by an authorized holder of classified information that a prospective recipient has a requirement for access to, knowledge, or possession of the classified information to perform tasks or services essential to the fulfillment of a classified contract or program.
Secret Information – The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security.
Security – Refers to the safeguarding of information classified Top Secret, Secret or Confidential against unlawful or unauthorized dissemination, duplication or observation.
Standard Practice Procedure (SPP) – A document(s) prepared by a contractor that implements the applicable requirements of this manual for the contractor’s operations and involvement with classified information at the contractor’s facility.
Top Secret – The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause exceptionally grave damage to the national security.
Unauthorized Person – A person not authorized to have access to specific classified information in accordance with the provisions of the NISPOM.

IV. RESPONSIBILITIES

Policy Administrator: The University’s Facility Security Officer, is responsible for administering this policy. Specific details of the role of the Facility Security Officer are provided below.

Managers: Management at every level is responsible for supporting and enforcing all aspects of this security program.  All management decisions relating to security shall be coordinated through the appointed Facility Security Officer.  No uncleared official of this University shall have the authority to over-ride the appointed Security Officer on matters relating to the Security Program.

Facility Security Officer: The appointed Facility Security Officer shall be responsible for all aspects and phases of the Industrial Security Program at George Mason University. The Facility Security Officer will:

1. Have unrestricted access to all company officials on matters relating to the security program.

2. Become thoroughly familiar with the National Industrial Security Program Operating Manual (NISPOM) and maintain close liaison with the Cognizant Security Office and specifically the Industrial Security Representative(s) who visit the University.

3. Issue necessary updates and changes to these instructions to assure that they remain current at all times.

4. Establish necessary procedures to assure that all reports required by §117.8 of the NISPOM are submitted on a timely and accurate basis.

5. Make periodic in house inspections and surveys to assure that our security program is effective and that employees’ security education is at an acceptable level.

6. Be responsible for the Security Clearance Program to include timely submission of clearance applications, appropriate security briefings and debriefings as well as proper maintenance of all security files and records.

7. As appropriate, establish necessary procedures and techniques to assure that all classified material is properly recorded, stored, protected and accounted for.

8. Conduct a self-inspection program for the purpose of evaluating all security procedures applicable to the facility’s operations. Schedule a formal self- inspection so as to occur at a reasonable interval, i.e., midway between regularly scheduled government inspections conducted by the cognizant security office.  Self-inspections shall consist of an audit of all of the facility’s operations in light of its SPP and the requirements of the NISPOM for Safeguarding classified information.  As a minimum, self-inspection will include all elements normally inspected by the cognizant security office.  Deficiencies identified as a result of self- inspections shall be corrected as expeditiously as possible.  The University shall maintain a record of the dates upon which the self-inspection has been accomplished, and this record must be available for review during the next regularly scheduled inspection by the cognizant security office.

9. Submit in writing to the nearest field office of the FBI a report regarding any information as described in §117.8(b) of the NISPOM.

Cleared Employees: When work to be performed in conjunction with classified contracts or sub-contracts necessitates that an employee or official be officially cleared for access to classified information, the employee should initiate the clearance process by contacting the Facility Security Officer.  In addition, each cleared employee will:

1. Be responsible for insuring the integrity of the Security Program at George Mason University.

2. Become thoroughly familiar with, and abide by the contents of this policy and the Standard Practice Procedures.

3. Seek guidance and assistance from the Facility Security Officer when in doubt, on all matters relating to security and the protection of classified information.

4. Notify the Facility Security Officer of any reportable activity, including adverse information regarding other cleared employees, suspicious foreign contacts, potential insider threat indicators, and international business or personal travel.

5. Notify the Facility Security Officer if access to Classified Information is no longer required or when taking an extended leave of absence or when leaving the employment of the University.

V. EFFECTIVE DATE AND APPROVAL

This policy is effective upon date of signature below.  This policy shall be reviewed every three years or more frequently as needed.

Approved:

__/S_____________________
Senior Vice President

__/S______________________
Provost

Date approved: February 9, 2007

Revised: May 18, 2021

Revised: August 4, 2021