Safeguards and Security
Frequently Asked Questions
Safeguards and Security (S&S) policies
and systems provide a formal, organized process
to establish the roles and responsibilities
for the U.S. Department of Energy (DOE) S&S
Program. This process facilitates planning,
performing, assessing, and improving the secure
conduct of work and protection of important
DOE assets in accordance with risk-based protection
strategies. Specific requirements for each of
the key elements are contained in their respective
programmatic Manuals. The requirements are based
on national level policy promulgated in laws,
regulations, Executive orders, and Presidential
directives and are designed to prevent unacceptable
impacts on national security, the health and
safety of DOE and contractor employees, the
public, or the environment.
The following frequently asked questions (FAQs)
are organized by the topical areas and offer
answers to recurring questions or policy clarification
requests. All FAQs can be viewed by scrolling
through the whole document or viewed by clicking
on the following topical areas:
Q: Where can I find the national policies that may affect security programs I am responsible for?
A: The national policies affecting DOE's safeguards and security programs are located on the Policy Information Resource tool at http://pir.pnl.gov. This collection is comprised of the most current version of each policy document. Individual links are provided for easy access to the official documents which are located on their related government website.
Q: Does HSS intend to reissue DOE M 470.4-7, Safeguards and Security Program References, which was canceled in June 2010?
A: To comply with efforts to reform security policies, DOE M 470.4-7 will not be reissued under the directives system. However, the information contained in this manual is being continually updated to reflect ongoing changes in DOE safeguards and security policies. This information is available via the Policy Information Resource tool located at http://pir.pnl.gov.
Program Planning and Management
Q: What changed in the new Order (DOE O 470.4B) versus the previous Manual (DOE M 470.4-1, change 2)?
A: The new Order includes content from DOE M 470.4-1, change 2, Safeguards and Security Program Planning and Management; DOE O 470.4A, Safeguards and Security Program; and DOE O 142.1, Classified Visits Involving Foreign Nationals. Notable changes were introduced in the planning, classified visits, and incidents of security concern sections of the Order. The planning section was simplified and the approach to planning redefined to establish the security plan as the approved method for conducting security operations at a facility or site. Under this approach, the old distinctions between Site Security Plans (SSP) and Site Safeguards and Security Plans (SSSP) were removed in favor of a security plan which covers whatever assets and activities the facility or site has and which must be updated to address changes in those assets and activities as they occur.
In the classified visits section, procedures covering classified visits involving foreign nationals were simplified and included with the visit procedures for U.S. citizens, which allowed for the cancellation of the separate directive on this topic. New procedures were introduced for classified visits by other U.S. Government agency personnel, which will allow these individuals to be granted access to Restricted Data in connection with a specific classified visit without being processed for a DOE access authorization.
The Incidents of Security Concern (IOSC) section was completely re-written, redefining the categorization of incidents and doing away with the Impact Measurement Index (IMI) tables. A Technical Standard is being developed to further assist in addressing the "how to establish" and conduct a viable IOSC program.
In addition to these changes, many requirements which addressed how to implement specific features of the topical areas covered by this Order were eliminated. Examples include formulas and tables applicable to the conduct of vulnerability assessments (now the subject of a technical standard), specifics on the composition of teams and reports, and informational example tables such as the Foreign Ownership, Control or Influence (FOCI) matrix charts. Finally, the separate section on S&S deviations was eliminated and replaced by the standard DOE approach using equivalencies and exemptions.
Q: What were the main concerns and comments received while the document was in the RevCom process?
A: Numerous comments were received requesting that the directive be more specific as to how requirements should be implemented and that in-depth implementation instructions be included. This type of requirement was deliberately omitted from the draft directive in accordance with Secretarial direction and the policy stated in DOE O 251.1C that requirements should state "what" rather than "how" whenever possible. Comments were also received on the applicability of national requirements and standards to DOE, and there were many requests to change these requirements through the directive or omit mention of them so that the requirements would not apply. These comments were rejected on grounds that national-level requirements cannot be changed or made non-applicable through a directive.
Q: When can I start using this new Order?
A: The Order was approved by the Deputy Secretary on July 21, 2011. In general, Federal employees may begin using the new Order immediately. Contractors must begin using the Order when it has been incorporated into their contracts. It is the responsibility of Program Secretarial Offices, in accordance with DOE O 251.1C, Departmental Directives Program, to ensure that Orders are implemented within their organizations and incorporated into contracts in a timely manner.
Q: Do we need to update our previous deviations and security plans to accommodate the new Order?
A: There is no requirement to update previous deviations to accommodate the new Order. However, because many requirements that specified a "how-to" approach in the previous directives have been eliminated, sites may find that there is no longer a need to maintain some deviations which were previously in place. It may be possible in many cases to simply incorporate a site practice into the security plan, because the new Order provides sites with the flexibility to accomplish required activities by any approach that works for the site. For example, there is no longer a specific FCL requirement to have contractors provide a new FOCI package every five years. Therefore, DOE cognizant security offices with deviations from the previous five-year requirement will no longer need to maintain a deviation from this requirement. However, the DOE cognizant security office must still ensure that contractors meet the reporting requirements, including those which pertain to changes in FOCI; how that is accomplished is to be determined by the site.
The approach to do security plans has been completely revised in the new Order. There is no requirement for sites to automatically update their plans to accommodate the requirements of the new Order, and some sites may not find it necessary to change their plans at all. The new approach requires that security plans address how security operations are conducted at the covered location, cover whatever security assets and interests are present at that location, and include documentation of any residual risks and any deviations from national or DOE requirements. At sites where the existing security plan addresses these concerns, no modification needs to be made. Requirements for specific plan format and content, and the requirement for an annual review of the plan, have been eliminated.
Q: Why is a technical standard being developed for the Incidents of Security Concern Program instead of just putting all the information in the Order?
A: The Incidents of Security Concern (IOSC) approach was completely re-done from the previous iteration i.e. use of IMI tables. The policy is simplified into two types of incidents Category A or Category B. The Category A (the more significant) incidents have to be reported to headquarters and documented and closed out in the Safeguards and Security Information Management System (SSIMS) and Category B incidents are handled locally and or by the program office. In light of the Security Reform initiative we got away from the "how to" which the tables and decision trees get into and decided to put them under the technical standard as a resource for sites to use in establishing an effective IOSC program.
Q: Will other technical standards relevant to the new Order be developed?
A: A Protection Program Defensive Planning Technical Standard is currently being developed by the Protection Program policy team which will relate to the requirements of the DOE Tactical Doctrine found in the Order. Technical standards for other topical areas in the Order will be considered if there is sufficient interest from field practioners and subject matter experts to indicate that such standards may be warranted and that assistance in the development of the standards could be expected from the subject matter experts.
Q: Why was use of the term "Cognizant Security Authority" abandoned in the new Order?
A: The term "Cognizant Security Agency/Authority" (CSA) has a specific meaning under the National Industrial Security Program (NISP), as described in 32 CFR 2004 and in the National Industrial Security Program Operating Manual (NISPOM). In those national-level sources, CSA means specific agencies of the Executive Branch which have been authorized by Executive Order 12829 to establish an industrial security program to safeguard classified information under the jurisdiction of those agencies when disclosed or released to U.S. Industry. The agencies are the Department of Defense, DOE, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Heads of those agencies are the Cognizant Security Authority for each agency. Because one of the goals of the Deputy Secretary's security reform effort has been to bring DOE more closely in line with national-level policies and standards wherever possible, and because CSA has a specific limited meaning under the national-level sources, use of the term has been dropped from the new Order.
Q: How was the term "Cognizant Security Office" chosen?
A: The term "Cognizant Security Office" is defined in the NISPOM as the organizational entity delegated by the Head of a Cognizant Security Agency to administer industrial security on behalf of the CSA. This term and definition most closely reflected the concept used throughout the new Order of an office assigned responsibility by the Program Secretarial Offices/NNSA Administrator, acting on behalf of the Secretary, for a given security program or function within DOE . Therefore, this term was adopted as providing maximum flexibility in the designation of the responsible offices while adhering to the overall meaning of the term as used in the national-level sources.
Q: Now that the field is being held responsible for requirements found in national policy but not repeated in the DOE Order, what resources are available to ensure that site offices and contractors are aware of these requirements?
A: DOE O 470.4B contains a list (see Paragraph 6.) of general references which apply to the Order. In addition, references specifically applicable to the topical areas are listed at the beginning of the section for each topic, in both the Order appendices and the attachments to the CRD, to make them easy to identify. An easy way to search these references is to locate them in the Policy Information Resource (PIR) tool at http://pir.pnl.gov. (A link to the tool can also be found at http://www.hss.doe.gov/SecPolicy/links.html.) The PIR can be searched by specific document or by search terms pertinent to the requirement being researched. HS-51 can also be contacted by e-mail or by telephone for assistance in identifying the basis for a requirement and referrals to any additional policies that may apply.
Return to Top of Page
Protection Program Operations:
Q: Department of Energy (DOE) O 473.3, Protection Program Operations (PPO), was issued on June 27, 2011; what are the most significant changes from previous directives?
A: This DOE Order was created to support the Department's security reform initiative. A major goal of the reform initiative has been to shift away from detailed prescriptive requirements and to rely on national standards whenever possible. This change from "how" to "what" facilitates innovation and opportunity for efficiency developed at the site level. Additionally, the interrelated elements of guards, gates, and guns (contractor protective force, Federal protective force, and physical security requirements) have been combined into one directive.
Q: What are some of the concerns and/or recurring comments received regarding the PPO Order?
A: Concerns were expressed in regard to the Order's applicability vis à vis program elements and a more definitive definition of security interests requiring protection. The text was modified to indicate clearly the Order's applicability to all elements thus addressing both concerns. Concern in regard to requirements associated with minimum security areas (General Access Areas and Property Protection Areas) was expressed. The text was modified to eliminate specific reference to the Interagency Security Committee Standards for those areas. Some field sites identified differences between DOE Order requirements and those in NA's policies (NAPs) and requested greater prescription in both protective force and physical protection requirements. It was pointed out that the NAPs are independent of DOE Order requirements and that reduction in prescriptive requirements is necessary to support the security reform initiative.
Q: When can I start using this new Order?
A: While the Order went into effect on June 27, 2011, the following quotation from paragraph 2 of the Order should be kept in mind. "Cancellation of a directive does not, by itself, modify or otherwise affect any contractual or regulatory obligation to comply with the directive. Contractor Requirements Documents that have been incorporated into a contract remain in effect throughout the term of the contract unless and until the contract or regulatory commitment is modified to either eliminate requirements that are no longer applicable or substitute a new set of requirements." Additionally, implementation is addressed in paragraph 4.c., which states, "Requirements that cannot be implemented within 6 months of the effective date of this Order or within existing resources must be documented by the ODFSA (ed. note: Officially Designated Federal Security Authority) and submitted to the relevant program officers; the Under Secretary; the Under Secretary for Science or the Under Secretary for Nuclear Security, NNSA; and the Office of Security, Office of Health, Safety and Security. The documentation must include timelines and resources needed to fully implement this Order. The documentation must also include a description of the vulnerabilities and impacts created by delayed implementation of the requirements."
Q: Why were the Contractor Requirements Document sections minimized?
A: This reduction was in direct support of an element of the security reform initiative which was to eliminate or at least significantly reduce the amount of duplicative requirements.
Q: Do we need to update our previous PPO related deviations to accommodate this new Order?
A: As long as the requirement has not changed and the deviation has not expired, appropriate pen and ink changes recorded on the local copy of the deviation (i.e., new paragraph/order reference, new POC, other administrative items, etc.) would be sufficient from the perspective of the Office of Security Policy.
Q: Are annual validation force-on-force (FoF) exercises still required at all sites with armed protective forces?
A: Yes. However, the wording for the requirement has been modified slightly to state, "A validation FoF (VFoF) is a major, integrated test to facilitate assessment of all the elements employed in response to GSP (ed. note: Graded Security Protection Policy) and site-specific threats. VFoF exercises must be held at all facilities having an armed PF (ed. note: Protective Force) annually (at least every 12 months)." This wording was developed to better indicate that the goal of the exercise is not to judge "win or lose," but to provide a tool which allows evaluators the opportunity to assess the effectiveness of protection elements as they would be used during an actual attack on that facility.
Q: In July 2011, an updated Protective Force Firearms Qualification Courses document was posted on the HSS website at: http://www.hss.energy.gov/SecPolicy/pfs.html. What are the major changes in the document?
A: The document was updated to include: a matrix identifying standard courses of fire for Security Police Officers (I, II, & III), Federal Agents, Special Agents, and Federal Officers. The names of some of the courses of fire were changed to reflect Federal/contractor neutrality. Most significantly, the document establishes that 75 percent is the minimum qualification score for the old Security Police Officer I Day Handgun Qualification Course, which has been renamed as the Handgun Only Qualification Course. In order to provide flexibility to the field, the old Daylight Handgun Qualification Course has been reinstated.
Q: What happened to Credentials and Shields information which was located in DOE M 470.4-8, Federal Protective Force and DOE M 470.4-3A, Contractor Protective Force manuals?
A: Due to a comment received via the RevCom process, this information was extracted and relocated to Attachment 3, Section A, Chapter XI, paragraph 9 in the Physical Security part of DOE O 473.3.
Q: Why was the Basic Security credential added to this section?
A: The Office of Headquarters Security indicated a Departmental need for reinstatement of this credential. It had been deleted in a previous revision to the directives, but it is still in use and without reinstatement in policy there would be no basis for its issuance.
Q: Appendix A, Section B, 11. of DOE O 473.3, states, "At a minimum, armorers must have a favorably adjudicated national agency check with local agency and credit check (NACLC) and participate in the HRP before receiving unescorted access to weapons used by protective forces which are in HRP." Does this mean that an armorer without a Q clearance can be in HRP?
A: . No. The text attempts to establish that the minimum requirement for an armorer is a favorably adjudicated national agency check. A separate section (Appendix A, Section A, paragraph 3, of DOE O 473.3) indicates that if the protective forces are in HRP, then the armorer also must be in HRP. Part of the pre-requisite for being in HRP is that one must have a Q clearance.
Q: At my site we are having trouble recovering 100 percent of DOE security badges from terminating employees. Are there suggestions for local implementations of the policy or have other sites developed procedures that have proven to be successful?
A: The requirements for turning in a DOE security badge are well documented in DOE O 473.3. The DOE security badge is a U.S. Government credential intended to be accepted at any U.S. Federal facility (military and civilian) for validating the identity of the person possessing the badge. Since the badge is "Government Property" when not returned it should be considered and treated as theft of Government Property. Communicate (i.e., email, security briefing, condition of issue, etc.) to all employees the fact that DOE security badges not returned will be treated and reported as theft of Government property. In addition the potential misuse of a non-returned badge could potentially create a significant threat to DOE and other Federal Department and Agencies and U.S. Government contractors.
A consideration would be to establish an out-processing Checklist which would include the turn-in of the security badge. If such a list already exists then review it to see if the timing of out processing could be modified to improve the likelihood of the badge being returned. Should this process fail another consideration would be to prepare a standard form letter, with a specified return date along and mail to each terminating employee who failed to turn in their badge, along with a self-addressed envelope. This would offer the person failing to turn-in the badge another opportunity to do so.
Losses are required to be immediately reported under the current DOE Incidents of Security Concern policy since the loss is considered theft. An implementation consideration would be to report to the local DOE Office of the Inspector General (OIG) the theft of Government property. A form letter on OIG letterhead to the person who failed to return a security badge may prove effective. Collateral to the report of loss, the loss information is to be reported to the security clearance processing office holding the clearance documentation and the activity entering the data into the Central Personnel Clearance Index (CPCI).
Q: Specific references to the Interagency Security Committee Standards are not included in DOE O 473.3; are these standards a requirement for my site?
A: Yes, since a national requirement does not need to be repeated in a DOE Order to be a site requirement.
Q: I have heard a great deal of talk of about the Interagency Security Committee (ISC) and its impact on DOE security. What is the ISC and what is their role as far as determining DOE security requirements?
A: The ISC is a committee formed by Executive Order 12977 in 1995. This committee, of which DOE was a participant, was formulated to create security standards for the protection of federal facilities. As a result multiple documents have been published to aid in the standardization of security for federal facilities. The latest physical security criteria document, "Physical Security Criteria for Federal Facilities" was issued April 12, 2010, and applies to all federal facilities. As a result of the ISC standard, DOE initially reviewed its impact and determined that it applied to security areas less than that of a Limited Area. The requirements for Limited Areas and above are designed to protect classified and special nuclear material which exceeds the scope of the ISC standard. Initial versions of DOE O 473.3 contained explicit direction to implement the ISC standard for GAAs and PPAs. However this direction was not met favorably. The language was altered to indicate that one should follow the DOE graded approach and direction provided by national level standards (which include the ISC criteria). Notwithstanding the removal of the ISC language from the specific chapter on security areas, the ISC is an applicable national level standard that must be met unless DOE specifies more stringent requirements.
Return to Top of Page
Q: What changed in the new order from the previous manual?
A: This Order allows more flexibility for Program Elements to establish the specific implementation requirements for information assets under their cognizance. This includes development of appropriate contract language for specific programmatic requirements. This Order also removed duplicative requirements found in national policy and requirements documents (e.g., Executive Orders, laws, statues, etc.) and other DOE directives.
Q: Why was the one-hour rule not included in DOE M 470.4-4A?
A: The one-hour provision was removed as a result of the comment and resolution period within the RevCom process for DOE M 470.4-4A. DOE and National policy requires that classified matter be protected from unauthorized access and for it to be provided appropriate storage when not in use or under the control of an authorized individual. Anything that does not meet those requirements would require a deviation. Additionally, one of the objectives in revising the information security manual was to reduce or eliminate "how-to" direction for local program implementation and the one-hour rule was a how-to. Local procedures to implement classified matter storage and in-use requirements must be documented as part of your CMPC program plan and included in your local site/facility security plan.
Q: What were the main concerns and/or recurring comments received?
A: The primary concern was the fact that so much information was removed from the directive. However, this was done in response to the Secretary's policy reform effort to remove duplicative requirements found in national policy and other requirements documents. Also, recurring comments had to do with conflicts with NNSA NAPs. This order provides Departmental requirements, while the NAPs represent NNSA's policy for its sites.
Q: When can I start using this new Order?
A: Federal employees should be using this new Order as soon as their governing Security Plan incorporates these requirements. Contractors must begin using this order when it is incorporated into their contracts. However, contractors may choose, in coordination with their Federal Program Office representatives, to begin using this Order anytime as determined by the appropriate contracting officer.
Q: Why were the CRD sections minimized?
A: The Program Offices advised that a one-size-fits-all CRD was not workable at many of their sites and that there needed to be more flexibility. For that reason, the Program Offices now have the responsibility to ensure that local implementation requirements are defined and included in their contracts. The CRD advises that along with including DOE and national requirements, implementation must be developed at the local level and approved by the Program Office. The Program Office maintains the responsibility and accountability for the specific requirements language for their contractors to be included in their contracts.
Q: Do we need to update our previous deviations/security plans to accommodate the new order?
A: There is no requirement to update previous deviations to accommodate the new Order. However, because many requirements that specified a "how-to" approach in the previous directives have been eliminated, sites may find that there is no longer a need to maintain some deviations which were previously in place. It may be possible in many cases to simply incorporate a site practice into the security plan, because the new Order provides sites with the flexibility to accomplish required activities by any approach that works for the site. Since many requirements have changed, the deviation may not be traceable to the specific requirement to which it applied when it was approved. The deviation may be from a national requirement rather than the Order. When a requirement is found in a national-level document, the process described in that national-level document must be followed to obtain a deviation.
With regard to security plans, the answer is "Probably." Because of the flexibility allowed, the security plan must include all of the approved procedures that are specific to each site or facility.
Q: Why did the marking of titles in classified documents change from the end of the title to the beginning?
A: The change was made to comply with the requirements in Executive Order 13526 and 32 CFR Part 2001 and 2004.
Q: Does the fact that so much was removed from the previous Directive mean that those requirements no longer apply?
A: Not necessarily. Many of the removed requirements were already addressed and required by national directives. The requirement to follow the national directives in addition to the requirements in the Order is clearly stated in the beginning of the Order and the beginning of the CRD. Program Offices may implement exemptions and equivalencies as stated in the Order and include the resultant procedure in applicable contracts and local security plans.
Q: Why is the one-hour rule no longer in the Order?
A: The one-hour rule was originally developed in conjunction with other safeguards requirements (how-to's), which, in combination, adequately ensured the protection intent of national policy. However, since many of those "hows" were removed from the Order, the one-hour rule no longer existed in the context of comprehensive protection requirements. Consequently, each field element must now determine the appropriate safeguards required for them to meet the intent of national policy.
Q: The C/FGI-MOD coversheet still refers to Executive Order 12958. Will it be updated?
A: Yes. The C/FGI-MOD coversheet has been modified, approved, and will be posted shortly on the DOE Forms section of the Office of the Chief Information Officer (OCIO) website which can be found at: http://energy.gov/cio/forms.
Q: My site does work for both NNSA and other DOE Programs. Do I follow the NAPs or the DOE Order?
A: The answer to that question is up to NNSA and the other Program Offices involved. It may be that you will have to follow both or it may be that NNSA and the other Program Office(s) agree to use one or the other for all work at your site. Suggest you contact your senior management for the answer for your facility or site.
Return to Top of Page
Nuclear Material Control and Accountability
Q: What changed in the DOE O 474.2, Nuclear Material Control and Accountability, from the previous MC&A manual?
A: The revision of the MC&A policy provides our sites and program offices with the greatest of flexibility to manage their respective MC&A programs. The most significant change beyond only providing what is required and not how to implement the MC&A program is the redefining of what is self protecting. There are two changes to the Graded Safeguards Table (GST). The term "moderately irradiated material" was removed from the descriptors for Low-Grade Material as there was not a definition in any of the S&S directives and a new one could not be agreed on. The definition for "Highly Irradiated" was changed from 100 rem/hr at 1 meter to Highly Irradiated is defined "as material sufficiently radioactive to ensure a high probability of failure of task(s) by an adversary." The determination of high probability of failure of task(s) must be coordinated with the sites risk assessment and/or other assessments performed by the site.
Q: How is the new order DOE O 474.2, Nuclear Material Control and Accountability structured?
A: The written sequence for DOE O 474.2, Nuclear Material Control and Accountability, is as follows: purpose, cancellation, applicability, requirements, responsibilities, references, definitions and contact information. Attachment 1 is the Contractor Requirements Document (CRD) and all attachments, except Attachment 1 (which applies to contractors only) apply to both Federal and contractor employees.
Q: Why have we shifted to risk acceptance by management and performance based orders?
A: One of the Secretary's guiding principles for the new policy is mission managers supporting the acceptance of appropriate performance and operational risk. This Order allows mission managers flexibility to justify that the material is being well protected even if the attractiveness level and category changes, document any risk, and continue to implement effective MC&A.
Q: Can the current MC&A plan still be used to implement DOE O 474.2?
A: Most MC&A manager's can use their existing plans and continue with their current MC&A practices with no changes whatsoever, provided the material is determined to be adequately protected and the necessary approvals are documented. Also, managers now have the authority to weigh respective risks of various protective options and then choose one. If after a review, the site determines that their material is inadequately protected, then the site can document the residual risk, based on current protection and overall benefit to operations. DOE line managers can then accept the identified residual risk or chose to make the necessary physical protection changes to adequately protect material.
Q: What were the main concerns and/or reoccurring comments received?
A: The main concern related to a change to "self protecting", there are technical studies internal and external to DOE that do not support the low number (100 rem/hr at 1 meter) against today's adversary as being self protecting. Highly Irradiated is defined as material sufficiently radioactive to ensure a high probability of failure of task(s) by an adversary. The determination of high probability of failure of task(s) must be coordinated with the sites risk assessment and/or other assessments performed by the site. Mission managers can accept risk or make physical protection changes if there is an attractiveness level and category change due to the changes in this Order.
Q: When can I start using the new order DOE O 474.2, Nuclear Material Control and Accountability?
A: As soon as any directive is published, it can be used. DOE O 474.2, Nuclear Material Control and Accountability, was published on 6-27-11, which is its effective date. Implementation: "Within six months of the effective date of this Order, sites must provide an implementation plan for approval from their Program Secretarial Office. Requirements that cannot be implemented within six months of the effective date of this Order or within existing resources must be documented by line management and submitted to the relevant program officers; the Under Secretary of Energy, the Under Secretary of Science or the Under Secretary for Nuclear Security/Administrator, NNSA; and HSS. The documentation must include timelines and resources needed to implement this Order and include a description of the vulnerabilities and impacts created by the delayed implementation of the requirements".
Q: Why were the CRD sections minimized?
A: The CRD section was minimized to only state what is required by policy. Sites and/or program offices will provide the necessary implementation instructions to their contractors.
Q: Do we need to update our previous deviations/security plans to accommodate the new order?
A: Current deviations stay in place until they expire, the basis is changed or further instructions are provided by the site or program office. The current order allows sites to incorporate into their MC&A plan or site security plan the "deviation" practices. If the "deviation" can be rewritten into their MC&A plan or site security plan and approved by DOE line management, it can be eliminated. If a deviation is needed, you would need to either submit an equivalency or exemption to the requirements in this order. Additionally DOE O 470.4B, Safeguards and Security Program, requires that approved equivalencies and exemptions be entered into the Safeguards and Security Information Management System (SSIMS) database and incorporated into the next revision of the site security plan.
Q: Are the metrics in the MC&A Order requirements?
A: The metrics in the MC&A Order are not requirements; however, sites must have criteria, such as metrics, to show that they are meeting the objectives of the MC&A Order.
In the order, MC&A objectives are supported by metrics that management can use to evaluate their program, or create their own metrics by which to evaluate their program. Using the metrics provided, to evaluate your program, is sufficient to satisfy meeting the objectives of this order.
Q: What are ways to meet the requirements of the MC&A Order?
A: There are three direct methods to meet the requirements of the DOE O 474.2:
- Sites can continue to use their current MC&A Plan and not change how they implement MC&A at their site. However, the site would have to evaluate the MC&A Plan against the metric(s) in DOE O 474.2. Document any metrics that the site is not doing and show acceptance of any residual risk or the alternative metric being used that is approved by DOE line management and show acceptance of any residual risk.
- Sites can use the Technical Standard for MC&A (DOE-STD-1194-2011) to implement meeting the requirements in DOE O 474.2. If there is a change to attractiveness levels and categorization of nuclear material, either define residual risk, have DOE line management sign up to accepting that risk, or upgrade to protect at the correct level.
- Sites can use the NNSA model of Safeguards First Principles (SFPI) for implementing DOE O 474.2. See NNSA for details of implementing SFPI to meet DOE O 474.2.
Q: Why does the MC&A Order now have an accompanying MC&A technical standard DOE-STD-1194-2011 Nuclear Materials Control and Accountability and is it mandatory?
A: The MC&A Technical Standard provides site facilities with an accepted method for meeting the performance objectives and metrics for the requirements of DOE O 474.2.
The technical standard DOE-STD-1194-2011 Nuclear Materials Control and Accountability is referenced in the order but is not invoked or required by the order. It does provide site facilities with a means of meeting performance objective requirements for DOE O 474.2. This technical standard gives the MC&A practitioners the basics of how to do MC&A with best practices and examples, which, if adopted in full, meets all the order requirements.
Return to Top of Page