doc_fn: draftord/473/m4731-1.html
DocType: Draft
ID: DOE M 473.1-1
Title: Manual for Physical Protection of Safeguards and Security
Summary:
Org:
Date_Issue: 06/18/1997
Date_Close:
VdkVgwKey: draftord-15
Directive: 473.1
Text:
DATE: JUNE 17, 1997
REPLY TO: HOWARD LANDON,
OFFICE OF ORGANIZATION AND MANAGEMENT, HR-62
TO: DIRECTIVES POINTS-OF-CONTACT AT DP, EH, EM, ER, NN,
OPERATIONS OFFICES, AND FIELD OFFICES
SUBJECT: DOE M 473.1-1, MANUAL FOR PHYSICAL PROTECTION OF
SAFEGUARDS AND SECURITY INTERESTS
The attached subject draft Manual, a revision of DOE M 5632.1C-1, is being forwarded for your
review and comment.
The requirements of this manual should have been implemented under the requirements of DOE
Manual 5632.1C-1, dated 7-15-94. The changes in protection requirements in DOE M 473.1-1
are results from implementation experience with the DOE M 5632.1C-1, differing requirements of
Departmental facilities brought about by adjustments in Departmental and National policy and by
technical advances. Some of these changes include the removal of the Chapters on the Protection
and Control of Classified Matter, Protection of Unclassified Irradiated Reactor Fuel in Transit,
and the Acceptance and Validation Programs. In place of those removed, new Chapters on
Protection of Classified Matter, the Radiological and Toxicological Sabotage Program and
Security Design Criteria are inserted. The Department's Classified Information Systems Security
Program was republished as DOE O 472.1, and the Acceptance and Validation Program was
included in DOE O 470.1 Chapter III. The implementation of the graduated approach to
protection facilitates a reduction in the technical considerations for the less sensitive systems while
not increasing the more stringent requirements of systems of a more sensitive nature.
Administrative changes have also been made.
This Manual is composed of 14 Chapters that provide detailed requirements for protection of
safeguards and security interests. Chapter I addresses five essential ingredients for a successful
program; site specific characteristics; design basis threat; protection strategy; planning; and
graduated protection. Chapter II through IV address protection and control of special nuclear
material, protection requirements for classified matter, and radiological and toxicologic sabotage.
Chapter V discusses Security Areas that are used to protect the safeguards and security interests
discussed in Chapters II and III. Chapter XI is a collection of the security design criteria taken
from DOE O 6430.1A that was canceled by DOE O 240.1, and which did not capture security
requirements. The remaining chapters provide supporting information and requirements for
effective implementation of safeguards and security programs.Comments on the Manual are due by July 18, 1997. Late comments will be held for
consideration during the Manual's next annual review. MAJOR ISSUES and SUGGESTED
COMMENTS should be designated as such when submitted. MAJOR ISSUES shall be limited to
those instance where the Manual, in its entirety or its identified requirements, would have an
adverse effect on DOE policy objectives, mission accomplishment, economy, efficiency, or other
management concerns that would preclude its publication.
COMMENT SUBMISSION FOR DOE Manual 473.1-1:
Directives Points-of-Contact at Headquarters Elements: Submit comments to Marti Lydick, HR-
41, Room 8F-084 Forrestal; send to MARLENE.LYDICK@HQ.DOE.GOV; or send via e-mail.
In addition, send a copy to Darryl Toms, Protection Program Operations, NN-512.1, Room E-
378, Germantown; send facsimile to (301) 903-8717; or send via e-mail to
Daryl.Toms@hq.doe.gov.
Directives Points-of-Contact at Field Elements:
a. Submit consolidated comments to Marti Lydick, HR-41, Room 8F-084, Forrestal; send to
MARLENE.LYDICK@HQ.DOE.GOV; or send via e-mail. In addition, send a copy to
Darryl Toms, Protection Program Operations, NN-512.1, Room E-378, Germantown;
send facsimile to (301) 903-8717; or send via e-mail. The package shall include as an
attachment, the comments provided by contractor organizations.
b. Operations Offices will send a copy of their comments to the Associate Deputy Secretary
for Field Management, FM-1, Room 5A-115, Forrestal.
Contractor Organizations: Submit comments directly to their appropriate Field Elements.
Contacts: Questions concerning the processing of the Manual should be directed to Ms. Lydick,
HR-41, at (202) 586-3278. Questions concerning the content of the Manual should be directed to
Mr. Toms, NN-512.1, at (301) 903-7087.
MANUAL FOR PHYSICAL PROTECTION OF
SAFEGUARDS AND SECURITY INTERESTS
1. PURPOSE. This Manual provides detailed requirements to supplement DOE O 473.1,
PHYSICAL PROTECTION OF SAFEGUARDS AND SECURITY INTERESTS, which
establishes requirements and responsibilities for the protection of special nuclear material
(SNM), nuclear weapons, vital equipment, classified matter, assets, and facilities.
2. SUMMARY. This Manual contains detailed requirements for protection of safeguards
and security interests.
a. Chapter I addresses five essential parts of a successful program: site-specific
characteristics, design basis threat, strategy, planning, and graded protection.
b. Chapters II and III address the protection of SNM and classified matter.
c. Chapter IV addresses the protection of DOE facilities against radiological and
toxicological sabotage.
d. Chapter V discusses Security Areas that are used to protect the safeguards and
security interests discussed in Chapters II and III.
e. Chapter VI through XIII provide supporting information and requirements for
protection elements that effectively implement safeguards and security programs.
f. Chapter XIV is a collection of the security design criteria taken from DOE O
6430.1A, GENERAL DESIGN CRITERIA. DOE O 420.1 and O 430.1,
canceled O 6430.1A but did not capture security requirements.
3. CANCELLATIONS: DOE Manual 5632.1C-1, MANUAL FOR THE PROTECTION
AND CONTROL OF SAFEGUARDS AND SECURITY INTERESTS, dated 7-15-94,
and the security requirements of canceled DOE O 6430.1A.
4. REFERENCES AND DEFINITIONS.
a. See Attachment 1 for a list of references pertinent to the protection of safeguards
and security interests.
b. Definitions of terms commonly used in the Safeguards and Security Program are
provided in the "Safeguards and Security Glossary of Terms," which is maintained
and distributed by the Office of Safeguards and Security.
5. DEVIATIONS. Deviations to this Manual shall be approved through procedures
established in DOE O 470.1, SAFEGUARDS AND SECURITY PROGRAM.
6. ASSISTANCE. Questions concerning this Manual should be directed to the Protection
Operations Program Manager at 301-903-5693.
7. IMPLEMENTATION. Most requirements in this directive are the same as those
contained in the superseded directives. Implementation plans for any requirements that
cannot be implemented within 6 months of the effective date of this Manual or within
existing resources shall be developed by Heads of Field Elements and submitted to the
Office of Safeguards and Security.
CONTENTS
CHAPTER I, PROTECTION PLANNING
1. Site-Specific Characteristics . . . . . . . . . . . . . .I-1
2. Threat. . . . . . . . . . . . . . . . . . . . . . . . . .I-1
3. Protection Strategy.. . . . . . . . . . . . . . . . . . .I-1
4. Planning. . . . . . . . . . . . . . . . . . . . . . . . .I-2
5. Graded Protection. . . . . . . . . . . . . . . . . . . .I-3
6. Performance Assurance. . . . . . . . . . . . . . . . . .I-3
CHAPTER II, PROTECTION OF SPECIAL NUCLEAR MATERIAL AND VITAL
EQUIPMENT
1. General . . . . . . . . . . . . . . . . . . . . . . . . II-1
2. Access. . . . . . . . . . . . . . . . . . . . . . . . . II-2
3. Protective Force Posts. . . . . . . . . . . . . . . . . II-2
4. Storage . . . . . . . . . . . . . . . . . . . . . . . . II-2
5. Category I Quantities of Special Nuclear Material.. . . II-4
6. Category II Quantities of Special Nuclear Material. . II-5
7. Category III Quantities of Special Nuclear Material . . II-5
8. Category IV Quantities of Special Nuclear Material. . . II-6
9. Vital Equipment . . . . . . . . . . . . . . . . . . . . II-7
Table II-1, Access Authorization Requirements . . . . . II-3
CHAPTER III, PROTECTION OF CLASSIFIED MATTER
1. General . . . . . . . . . . . . . . . . . . . . . . . .III-1
2 Storage Requirements. . . . . . . . . . . . . . . . . .III-2
3. Protecting Container Information. . . . . . . . . . . .III-6
CHAPTER IV, RADIOLOGICAL AND TOXICOLOGICAL SABOTAGE PROTECTION
1. General . . . . . . . . . . . . . . . . . . . . . . . . IV-1
2. Protection Planning . . . . . . . . . . . . . . . . . . IV-1
3. Assessment of Risks . . . . . . . . . . . . . . . . . . IV-2
4. Protection of Radiological/Toxicological Sabotage TargetsIV-3
Table IV-1, Radiological and Toxicological Sabotage Consequence ValuesIV-4
CHAPTER V, SECURITY AREAS
1. General . . . . . . . . . . . . . . . . . . . . . . . . .V-1
2. Property Protection Area. . . . . . . . . . . . . . . . .V-4
3. Limited Area. . . . . . . . . . . . . . . . . . . . . . .V-5
4. Exclusion Area. . . . . . . . . . . . . . . . . . . . . .V-6
5. Protected Area. . . . . . . . . . . . . . . . . . . . . .V-7
6. Vital Area. . . . . . . . . . . . . . . . . . . . . . . .V-9
7. Material Access Area. . . . . . . . . . . . . . . . . . V-10
8. Other Security Areas. . . . . . . . . . . . . . . . . . V-12
CHAPTER VI, PROTECTION ELEMENT: INTRUSION DETECTION AND ASSESSMENT
SYSTEMS
1. General . . . . . . . . . . . . . . . . . . . . . . . . VI-1
2. General Requirements. . . . . . . . . . . . . . . . . . VI-1
3. Interior Intrusion Detection System Requirements. . . . VI-3
4. Exterior Intrusion Detection System Requirements. . . . VI-4
5. Intrusion Detection System Alarm Annunciation at the Central and Secondary Alarm
Station . . . . . . . . . . . . . . . . . . . . . . . . VI-5
6. Radio Frequency Alarm Systems . . . . . . . . . . . . . VI-6
7. Lighting Requirements . . . . . . . . . . . . . . . . . VI-8
8. Auxiliary Power Sources . . . . . . . . . . . . . . . . VI-9
9. Protection of Intrusion Detection Systems . . . . . . .VI-10
Table VI-1, Alarm System Protection Requirements . . .VI-14
CHAPTER VII, PROTECTION ELEMENT: ACCESS CONTROL AND ENTRY/EXIT
INSPECTIONS
1. General . . . . . . . . . . . . . . . . . . . . . . . .VII-1
2. Automated Access Control Systems. . . . . . . . . . . .VII-2
3. Entry/Exit Inspections. . . . . . . . . . . . . . . . .VII-3
CHAPTER VIII, PROTECTION ELEMENT: BARRIERS AND LOCKS
1. Barriers. . . . . . . . . . . . . . . . . . . . . . . VIII-1
2. Locks.. . . . . . . . . . . . . . . . . . . . . . . . VIII-5
CHAPTER IX, PROTECTION ELEMENT: SECURE STORAGE
1. Vaults And Vault-Type Rooms . . . . . . . . . . . . . . IX-1
2. Security Containers . . . . . . . . . . . . . . . . . . IX-5
CHAPTER X, PROTECTION ELEMENT: COMMUNICATIONS
1. General . . . . . . . . . . . . . . . . . . . . . . . . .X-1
2. Duress Systems. . . . . . . . . . . . . . . . . . . . . .X-1
3. Radios. . . . . . . . . . . . . . . . . . . . . . . . . .X-1
4. Special Response Team Radio Communications. . . . . . . .X-2
CHAPTER XI, PROTECTION ELEMENT: MAINTENANCE
1. General . . . . . . . . . . . . . . . . . . . . . . . . XI-1
2. Corrective Maintenance. . . . . . . . . . . . . . . . . XI-1
3. Preventive Maintenance. . . . . . . . . . . . . . . . . XI-1
4. Maintenance Personnel Access Authorization. . . . . . . XI-2
5. Recordkeeping . . . . . . . . . . . . . . . . . . . . . XI-2
CHAPTER XII, PROTECTION ELEMENT: POSTING NOTICES
1. General . . . . . . . . . . . . . . . . . . . . . . . .XII-1
2. Trespassing . . . . . . . . . . . . . . . . . . . . . .XII-1
CHAPTER XIII, PROTECTION ELEMENT: SECURITY BADGES
AND CREDENTIALS
1. Security Badges . . . . . . . . . . . . . . . . . . . XIII-1
2. Issuance, Use, Recovery, and Destruction of Security BadgesXIII-1
3. Types of Credentials. . . . . . . . . . . . . . . . . XIII-3
4. Issuance of Credentials . . . . . . . . . . . . . . . XIII-4
5. Accountability of Badges, Credentials, and Shields. . XIII-5
6. Storage of Security Badge Materials, Unissued Badges, Credentials, and ShieldsXIII-6
7. Terminating Security Badges, Credentials, and Shields XIII-6
CHAPTER XIV, SECURITY DESIGN CONSIDERATIONS
1. General . . . . . . . . . . . . . . . . . . . . . . . .XIV-1
2. Security Area Barriers. . . . . . . . . . . . . . . . .XIV-1
3. Intrusion Detection Systems . . . . . . . . . . . . . XIV-10
4. Access Control Systems and Entry/exit Inspections . . XIV-16
5. Barriers. . . . . . . . . . . . . . . . . . . . . . XIV-17
6. Physical Security Technical Surveillance Countermeasures Construction StandardsXIV-22
7. Secure Storage Architectural Requirements . . . . . . XIV-28
8. Communication Systems . . . . . . . . . . . . . . . . XIV-29
Attachment 1 - References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-1
CHAPTER I
PROTECTION PLANNING
1. SITE-SPECIFIC CHARACTERISTICS. Protection programs shall be tailored to address
specific site characteristics and requirements, current technology, ongoing programs, and
operational needs and the measures necessary to achieve acceptable protection levels that
reduce inherent risks on a cost-effective basis.
2. THREAT. Physical protection afforded safeguards and security interests shall be based
upon the "Design Basis Threat for the Department of Energy Programs and Facilities
(U)." Consideration should also be given to site and regional threats and emergency
situations, such as civil disturbances and disasters.
3. PROTECTION STRATEGY.
a. Strategies for the physical protection of SNM and vital equipment shall
incorporate the applicable requirements established in Chapter II. Protection
strategies may be graded to address varying circumstances and may range from
denial, to containment, to recapture/recovery and/or pursuit.
(1) A denial strategy shall be used when unauthorized access presents an
unacceptable risk for:
(a) the theft of Category I SNM,
(b) the initiation (or credible threat of initiation) of nuclear dispersal or
detonation, or
(c) the use of available nuclear materials for onsite assembly of an
improvised nuclear device.
(2) A containment strategy shall be used to prevent the unauthorized removal
of Category II or greater SNM that can roll up to Category I.
(3) Should denial and/or containment referenced in 3a(1) and (2) above fail, a
recapture/recovery and/or pursuit strategy would then be required. Forces
capable of rapid reaction are vital to the implementation of such recapture
or recovery efforts.
b. Strategies for the physical protection of classified matter shall incorporate the
applicable requirements established in Chapter III. The strategy shall be based on
efforts that will detect or deter unauthorized disclosure, modification, loss of
availability, and removal from a site or facility of classified information or sensitive
but unclassified information.
c. Strategies for the physical protection of radiological/toxicological sabotage targets
shall incorporate the applicable requirements established in Chapter IV. Protection
strategies shall be designed to prevent radiological/toxicological sabotage acts that
would pose significant dangers to the health and safety of employees, the public, or
the environment. These strategies may be graded to address varying circumstances
and may range from denial, to containment, and/or to consequence mitigation.
d. Strategies for the physical protection of other safeguards and security interests
shall be developed commensurate with the safeguard and security interest
importance.
(1) A strategy ranging from detection to deterrence shall be used for security
interests whose loss, theft, compromise, and/or unauthorized use will
seriously affect the national security and/or the health and safety of DOE
and contractor employees, the public, the environment, or DOE programs.
(2) A strategy of detection and deterrence shall be used for safeguard and
security interests whose loss or theft will have a negative financial impact
on the Department.
(3) A strategy of denial shall be used to address the introduction of certain
articles into DOE facilities that would impact the health and safety of DOE
and contractor employees (e.g., hand-carried, mailed, and vehicle-
transported explosives, firearms, and chemical and biological agents).
4. PLANNING.
a. Site Safeguards and Security Plans. The details of site physical protection
measures shall be addressed in the Site Safeguards and Security Plan (SSSP), as
required by DOE O 470.1.
b. Security Plans. At locations where an SSSP is not required due to the limited
scope of safeguards and security interests, a security plan shall be developed to
describe the protection program in place.
5. GRADED PROTECTION.
a. Graded Protection.
(1) Protection shall be applied in a graded manner. The level of effort and
magnitude of resources expended for the protection of a security interest
shall be commensurate with the security interest's importance or the impact
of its loss, destruction, or misuse. The highest level of protection shall be
given to security interests whose loss, theft, compromise, sabotage, and/or
unauthorized use will have serious impact on the national security, financial
security, and/or the health and safety of DOE and contractor employees,
the public, the environment, or DOE programs. For example, use of a
weapon of mass destruction by a terrorist(s) could have severe
consequences necessitating the highest reasonably attainable level of
security.
(2) Protection of other interests shall be graded accordingly. Protection-
related plans shall describe and document the rationale used for selecting
the graded protection provided the various safeguards and security
interests. Asset valuation, threat analysis, and vulnerability assessments
shall be considered, along with the acceptable level of risk and any
uncertainties, to determine if the risk is significant and what protection
measures should be applied. Heads of DOE Elements shall provide a
rational and cost-effective protection framework applying risk management
as the underlying basis for making security-related decisions.
b. A rational, cost-effective protection framework shall be provided applying risk
management as the underlying basis for making security-related decisions. It
should be recognized that risks will be accepted (i.e., that actions cannot be taken
to reduce the potential for or consequences of all malevolent events to zero);
however, an acceptable level of risk will be determined based on evaluation of a
variety of facility-specific goals and considerations.
c. Protection plans shall describe, justify, and document the graded protection
provided various safeguards and security interests.
6. PERFORMANCE ASSURANCE. Safeguards and security systems shall be tested as
required by DOE O 470.1 to ascertain effectiveness in providing countermeasures to
address design basis threats.
CHAPTER II
PROTECTION OF SPECIAL NUCLEAR MATERIAL AND VITAL EQUIPMENT
1. GENERAL. This chapter outlines requirements for the protection of Categories I through
IV quantities of SNM and vital equipment. The following requirements shall apply.
a. A facility shall not receive, process, transmit, or store SNM until that facility has
been approved as required by DOE O 470.1.
b. Nuclear material production reactors and fuel shall be protected consistent with the
category of SNM involved and/or the consequences of radiological sabotage.
c. An integrated system of positive measures shall be developed and implemented for
the protection of Category I SNM (nuclear weapons).
d. Protection afforded SNM shall be graded according to the nuclear material
safeguards category, as defined in Figure I-2 of DOE 5633.3B, CONTROL AND
ACCOUNTABILITY OF NUCLEAR MATERIALS, and shall reflect the specific
nature of SNM existing at each site. DOE 5633.3B shall be used to determine the
potential to accumulate a Category I quantity of SNM by theft from more than one
location (roll-up) within the same Protected Area.
e. Factors such as ease of separability, accessibility, and concealment; quantity,
chemical form, isotopic composition, purity, and containment; portability;
protection strategies; radioactivity; and self-protecting features, shall be considered
in determining physical protection for each category of SNM.
f. When SNM is classified because of its configuration or content, or because it is
part of a classified item, it shall receive the physical protection required by the
highest level of classification of the configuration, content, item, or category of
SNM involved.
g. Protective force personnel shall be available and positioned to respond to a verified
threat occurrence to contain, interrupt, and/or neutralize adversaries within the
required response times.
h. Intrusion detection shall be accomplished through a combination of intrusion
sensors and tamper-indicating devices, material surveillance procedures, material
accounting and tracking, and/or specialized nuclear measurement techniques.
i. Delay mechanisms shall be employed to prevent removal or unauthorized use of
Category I and II quantities of SNM. Delay mechanisms may include passive
barriers (e.g., walls, ceilings, floors, windows, doors, security bars), activated
barriers (e.g., sticky foam, pop-up barriers), and obscurants (e.g., cold smoke).
j. Specific protection requirements, such as systems and protective personnel
response capabilities necessary to satisfy identified protection needs, shall be
documented.
2. ACCESS. Access controls shall be in place to ensure that only properly cleared and
authorized personnel are permitted unescorted access to SNM and vital equipment.
Access authorizations (security clearances) shall be accomplished according to DOE O
472.1B, PERSONNEL SECURITY ACTIVITIES. See Table II-1 of this Manual for
SNM access authorization requirements. Access authorization requirements for vital
equipment shall be comparable to Category I SNM.
3. PROTECTIVE FORCE POSTS. See DOE 5632.7A, PROTECTIVE FORCE
PROGRAM, or DOE O 473.2, PROTECTIVE FORCE PROGRAM when implemented.
4. STORAGE. Each facility shall have controls for all categories of nuclear materials held in
storage, consistent with the graded safeguards approach. (See Chapter IX of this Manual
for elaboration). Controls for storage shall:
a. be formally documented;
b. ensure that only authorized personnel have access to the storage repositories (see
Chapter I);
c. prevent and/or detect unauthorized access;
d. describe procedures used to authenticate material movements into or out of a
repository;
TABLE II-1
ACCESS AUTHORIZATION REQUIREMENTS
Special Nuclear
Material Category
Minimum Level of Access
Authorization Required
Remarks
I and
II with credible roll-up to I
Q
Hands-on access or
transportation of Category I
quantities of SNM may require
additional measures, such as
Personnel Security Assurance
Program participation and/or
enhanced material surveillance
procedures, to further reduce
the probability of insider acts.
II and III
L
Unless special circumstances
determined by site
vulnerability assessment,
require Q access authorization
to minimize risk. Document
in Site Safeguards and
Security Plan.
IV
None
Unless special circumstances
determined by site
vulnerability assessment
require access authorization
to mitigate risk. Document in
Site Safeguards and Security
Plan.
e. include procedures for investigating and reporting abnormal conditions;
f. provide a record system to document ingress/egress to repositories; and
g. define procedures for conducting inventories and daily administrative checks.
5. CATEGORY I QUANTITIES OF SPECIAL NUCLEAR MATERIAL.
a. In-Process. Material shall be used or processed within Material Access Areas.
DOE 5633.3B, Page III-3, Paragraph 3b(1), requires a material surveillance
program to detect unauthorized material flows and transfers. Any location within
a Material Access Area that contains unattended Category I quantities of SNM in
use or process shall be equipped with an intrusion detection system or other
effective means of detection approved by the cognizant local DOE authority for
safeguards and security.
b. Storage. Material shall be stored within a Material Access Area.
(1) When not in process or when unattended, material falling under
Attractiveness Level A shall be stored in a vault. Storage facilities for
Category I SNM Attractiveness Level A, constructed after 7-14-94, shall
be underground or below-grade construction.
(2) Material falling under Attractiveness Level B shall be stored in a vault or
provided enhanced protection that exceeds vault-type room storage [e.g.,
collocated with protective force response station and/or activated
barrier(s)].
(3) Material falling under Attractiveness Level C shall, as a minimum, be
stored in a vault-type room.
c. In-Transit. Protection requirements for material in transit shall be as follows.
(1) Domestic offsite shipments of Category I quantities of SNM shall be made
by the Transportation Safeguards System, managed by the Albuquerque
Operations Office.
(2) Packages or containers containing SNM shall be sealed with tamper-
indicating devices.
(3) Protection measures for movements of material between Protected Areas at
the same site, or between Protected Areas and staging areas at the same
site, shall be under direct surveillance by the number of Security Police
Officers necessary to protect against threats as established in the "Design
Basis Threat for Department of Energy Programs and Facilities (U)," and
documented in the SSSP.
6. CATEGORY II QUANTITIES OF SPECIAL NUCLEAR MATERIAL.
a. In-Process. Material shall be used or stored only within a Protected Area. DOE
5633.3B, Page III-3, Paragraph 3b(1) requires a material surveillance program to
detect unauthorized material flows and transfers. Any location within a Protected
Area that contains unattended Category II quantities of SNM in use or process
shall be equipped with intrusion detection systems or other effective means of
detection approved by the cognizant local DOE authority for safeguards and
security.
b. Storage. When not in process or when unattended, material shall be stored in a
vault or vault-type room located within a Protected Area.
c. In-Transit. Shipments shall conform to the shipment requirements for Category I
quantities of SNM. (See Paragraph 5c above.)
7. CATEGORY III QUANTITIES OF SPECIAL NUCLEAR MATERIAL.
a. In-Process. Material shall be processed within a Security Area that provides, at a
minimum, the protection of a Limited Area.
b. Storage. When not in process or when unattended, material shall be stored, at a
minimum, within a Limited Area and secured within a locked security container or
locked room. The container or locked room containing the matter shall be under
the protection of an intrusion detection system or protective patrol at intervals not
to exceed 8 hours.
c. In-Transit.
(1) Domestic offsite shipments of classified configurations of Category III
quantities of SNM may be made by the Transportation Safeguards System.
(2) Methods of shipping unclassified configurations:
(a) Truck or Train. Truck or train shipments shall meet the following
requirements.
1 Government-owned or exclusive-use truck, commercial
carrier, or rail may be used to ship Category III quantities of
SNM.
2 A detailed inspection of the transport vehicle shall be
conducted before loading and shipment. Cargo
compartments shall be locked and sealed while en route.
3 Personnel assigned to escort shipments shall maintain
periodic communication with a control station operator who
can request appropriate local law enforcement agency
response, if needed.
4 Shipments shall be made without intermediate stops except
for emergency reasons, driver relief, meals, refueling, or
transfer of cargo.
(b) Air Shipment. Air shipments of Category III quantities of SNM
may take place if not otherwise prohibited by statute or otherwise
limited by implementing instructions. The shipments shall be under
the direct observation of the authorized escorts during all land
movements and loading and unloading operations.
(3) Movements of Category III quantities of SNM between Security Areas at
the same site shall be according to the appropriate locally-developed
security plan.
8. CATEGORY IV QUANTITIES OF SPECIAL NUCLEAR MATERIAL.
a. In-Process. Material shall be processed according to procedures approved by the
cognizant local DOE authority for safeguards and security.
b. Storage. When not in process or when unattended, material shall be stored
according to the procedures approved by the cognizant local authority for
safeguards and security.
c. In-Transit.
(1) Domestic offsite shipments of classified configurations of Category IV
quantities of SNM may be made by means of the Transportation
Safeguards System, under procedures approved by the Albuquerque
Operations Office as deemed appropriate, and by agreements between the
Manager, Albuquerque Operations Office, and the respective Heads of
Field Elements.
(2) Shipments of unclassified configurations of material may be made by truck,
rail, or water, in commercial, for-hire, or leased vehicles. If not otherwise
prohibited by state or federal laws, Category IV quantities of SNM may
also be shipped by air.
(a) Shipments (except laboratory analysis samples or reference
materials) shall be arranged with a capability to trace and identify,
within 24 hours of request, the precise location where a shipment
went astray, in the event that it fails to arrive at the destination at
the prescribed time.
(b) Shipper shall be required to give the consignee an estimated time of
arrival before dispatch, and follow up with a written confirmation
not later than 48 hours after dispatch.
(c) Consignee shall promptly notify the shipper by telephone and
written confirmation upon determination that a shipment has not
arrived by the scheduled time.
9. VITAL EQUIPMENT. SSSPs shall define applicable threats and measures to protect
vital equipment from hostile actions.
CHAPTER III
PROTECTION OF CLASSIFIED MATTER
1. GENERAL. DOE Order 471.2, INFORMATION SECURITY PROGRAM, of 9-26-95,
establishes the Information Security Program for the control of classified and sensitive
information in use. The protection of classified SNM shall be in accordance with Chapter
II of this Manual if the SNM categories and attractiveness levels dictate more stringent
requirements; otherwise the provisions of this chapter apply.
a. Classification levels shall be used to determine the degree of protection and control
required for classified matter.
b. Classified information, regardless of its form, shall be afforded a level of protection
against loss or compromise commensurate with its level of classification.
c. Classified matter shall be stored in a manner to allow detection and deterrence of
unauthorized access.
d. When possible, classified matter shall be processed, handled, and stored in security
areas providing control measures equal to or greater than those present in Limited
Areas. When classified matter is not processed, handled, and/or stored within
Limited Areas or above, additional control measures shall be required. Control
measures shall include technical, physical, personnel, and/or administrative
measures.
e. Facilities, buildings, rooms, structures, etc., shall be afforded the protection
measures necessary to prevent unauthorized persons from gaining access to
classified matter.
(1) Measures shall be in place to prevent persons from viewing or hearing
classified information.
(2) Conference rooms and areas specifically designated for classified
discussions shall follow Technical Surveillance Countermeasures Program
requirements.
f. Sensitive Compartmented Information Facilities shall be afforded physical
protection in accordance with the Director of Central Intelligence Directives 1/21
(see Attachment 1). Any unresolved issues pertaining to this subject shall be
referred to the Director of Safeguards and Security for coordination.
2. STORAGE REQUIREMENTS.
a. Restrictions on Use of Secure Storage Repositories.
(1) Funds, firearms, medical items, controlled substances, precious metals, or
other items susceptible to theft shall not be stored in the same secure
storage repository used to store classified matter.
(2) Secure storage repositories shall not bear any external classification or
other type markings that would indicate the level of classified matter
authorized to be stored within the container. For identification purposes,
each security container shall externally bear an assigned number.
b. Requirements. Security containers required for the storage of classified matter
shall conform to the GSA standards and specifications and applicable requirements
of Chapter IX of this Manual. Classified matter that is not under the personal
control of an authorized person shall be stored as prescribed below.
NOTE: Inspections by the protective force shall consist of examination of the
exposed surfaces of the container, vault, vault-type-room and steel filing cabinets
to determine if there has been any force entry and to ensure that the container is
locked.
(1) Top Secret Matter. Top Secret matter may be stored in one of the
following ways:
(a) In a locked, General Services Administration (GSA)-approved
security container with one of the following supplemental controls:
1 Under intrusion detection alarm protection with protective
force response within 15 minutes of annunciation of the
alarm.
2 Protective force, with inspections on a 2-hour basis.
3 The security container be equipped with a lock meeting
Federal Specification FF-L-2740 only if the container is
located in a Limited, Exclusion, Protected, or Material
Access Area.
4 Within a Limited Area or above, random protective force
patrols at least once every 8 hours during nonworking
hours. Facilities with large numbers of security containers
shall patrol at least 25 percent of the containers once every
24 hours.
(b) In a vault approved by the cognizant DOE element. The vault shall
be designed and constructed of masonry units or steel-lined
construction and equipped with GSA-approved vault door. (A
GSA-approved modular vault meeting Federal Specification
FFV-2737 may be used in lieu of the above.) The vault shall be
equipped with intrusion detection protection with protective force
response within 15 minutes of alarm annunciation.
(c) In a vault-type room approved by the cognizant DOE element. The
vault-type-room shall be under intrusion detection alarm protection
with protective force response within 15 minutes of alarm
annunciation. The vault-type room shall be located within a
Limited, Exclusion, Protected, or Material Access Area.
(2) Secret Matter. Secret matter shall be stored in a manner authorized for
Top Secret matter or in one of the following ways:
NOTE: Secret matter not stored in security areas providing control
measures equal to or greater than those present in Limited Areas shall be
maintained in an accountability system as required in DOE O 471.2.
(a) In a locked GSA-approved security container.
(b) In a vault approved by the cognizant DOE element; the vault shall
be designed and constructed of masonry units or steel-lined
construction and equipped with GSA vault door. (A GSA-
approved modular vault meeting Federal Specification FFV-2737
may be used in lieu of the above.)
(c) Steel filing cabinets not meeting GSA requirements (such
containers approved for use prior to 7-15-94 may continue to be
used until there is a need for replacement) shall be equipped with an
automatic unit locking mechanism and three-position, dial-type,
built-in combination lock. In addition, one of the following
supplementary controls is required;
1 Within a Security Area providing, as a minimum, the
protection level of a Limited Area or above.
2 Under intrusion detection alarm protection with protective
force response within 30 minutes of alarm annunciation; or
3 Inspections of the container every four hours by protective
force.
(d) In a vault-type room approved by the cognizant DOE element with
one of the following supplemental controls:
1 within a Security Area providing as a minimum the
protection level of a Limited Area or above;
2 under intrusion detection alarm protection with protective
force response within 30 minutes of alarm annunciation; or,
3 under inspection every 4 hours by protective force.
(3) Confidential Matter. Confidential matter shall be stored in a manner
authorized for Secret matter, except that supplemental controls are notrequired.
c. Nonstandard Methods of Storage.
Within the minimum protection level of a Limited Area, nonstandard methods of
storage may be applied for Top Secret, Secret, and Confidential material whose
size, weight, construction, or other characteristics preclude storage as discussed in
the subparagraphs above.
(1) Local safeguards and security authorities shall base their protection
measures upon the results of documented vulnerability analyses. These
vulnerability analyses shall address the nature of the matter to be protected
(e.g., size, weight, composition, radioactivity, and importance to an
adversary and/or the Department) in relation to the threat. Additionally,
vulnerability analyses must consider the portability of the classified matter,
ease of concealment, time needed to gain access, ease of gaining access,
protective force response time, and the potential consequences of gaining
unauthorized access.
(2) Measures (e.g., barriers, locks, intrusion detection systems, and protective
force) tailored to address the specific nonstandard condition, as determined
by local safeguards and security authority shall be implemented to provide
protection to deter unauthorized access to classified matter.
(3) Measures to be implemented for each nonstandard condition shall be
documented in the applicable security plan and approved by the cognizant
DOE security office.
(4) For protective force to be employed as a specified supplemental protection
measure, due consideration should be given to ensuring the interval for
those inspections is less than the time required for an adversary to gain
undetected access to the classified matter and/or remove the classified
matter and escape detection.
d. Protective Force Personnel.
(1) If an unattended secure storage repository containing classified matter is
found open, the repository shall be secured by designated protective
personnel and a custodian notified immediately. The contents shall be
checked no later than the next workday. If there is an indication of a
violation or compromise, the contents shall be checked immediately by a
custodian, being careful not to destroy fingerprints or other physical
evidence. The violation or compromise shall be reported and inquiries
conducted as required by DOE O 471.2 and DOE O 470.1,
SAFEGUARDS AND SECURITY PROGRAM.
(2) Protective personnel, private security firms, or local law enforcement
personnel shall respond to intrusion detection alarms, as documented in
approved security plans.
e. Alternate Storage Locations.
(1) With prior written DOE approval, a bank safe deposit box/vault may be
used to store Secret or Confidential matter, provided that the lock and
keys to the box/vault are changed prior to such use and the customer's key
is furnished only to persons authorized access to the contents.
(2) Federal Records Centers, approved as outlined in DOE O 470.1, may be
used to store classified information.
3. PROTECTING CONTAINER INFORMATION.
a. Protection of Security Containers and Combinations. The outside of the security
container shall not be marked to indicate that the contents are Top Secret, Secret,
or Confidential. Security containers, vaults, and vault-type rooms used to protect
safeguards and security interests shall be kept locked when not under direct
supervision of an authorized individual. Combinations shall be protected at the
classification level and category of the matter being protected. A minimum
number of authorized persons (i.e., personnel having access authorization for the
information kept in that container) shall have the combination to the storage
container or access to the information stored within the security container.
(1) To ensure proper protection of the combination, part 2 of SF700 shall be
marked with the highest classification level and category (indicate if
National Security Information, Restricted Data or Formerly Restricted
Data) of the information being stored within the secure storage container.
Classifier information is not required to be affixed to part 2 of the SF700.
(2) To comply with classification guidance, part 2A should be marked onlywith the highest classification level of the combination. The category is notmarked on this part of the form. Classifier information is not required to be
affixed to part 2 of the SF700.
(3) All persons who know the container's combination must be listed on the
SF700. If needed, a continuation page may be used.
b. Changing Combinations. Combinations shall be changed by an appropriately
cleared, authorized individual. Combinations shall be changed at the earliest
practical time following:
(1) initial receipt of a GSA-approved security container or lock;
(2) reassignment, transfer, or termination of employment of any person who
knows the combination, or when the DOE access authorization granted to
any such person is downgraded to a level lower than the category of matter
stored, or when the DOE access authorization has been administratively
terminated, suspended, or revoked;
(3) compromise or suspected compromise of a security container or its
combination, or discovery of a security container unlocked and unattended.
c. Selection of Combination Settings. Combination numbers shall be selected at
random, avoiding simple ascending or descending series such as 10-20-30 or 50-
40-30. Care shall also be exercised to avoid selecting combinations of numbers
that are easily associated with the person(s) selecting the combination (e.g., birth
dates, anniversaries, social security numbers, or telephone extensions).
d. Security Repository Information. Applicable requirements concerning security
repositories are provided below.
(1) Security Container Information. An SF-700, "Security Container
Information," shall be completed for all security containers, rooms, vaults,
and other approved locations for the storage of classified matter.
(a) Part 1 of the SF-700 shall be affixed to the security container to
ensure high visibility. On rooms or vaults, Part 1 of the SF-700
shall be affixed to the inside of the door containing the combination
lock. On security containers, it shall be placed on the inside (back
front) of the locking drawer or on the front of the locking drawer,
at the user's discretion.
(b) Part 2 and 2a of each completed copy of SF 700 shall be classified
at the highest level of classification of the information authorized
for storage in the repository.
(2) Security Container Check Sheets. An integral part of the security check
system shall be ensuring that classified matter has been properly stored and
that security containers, vaults, or vault-type rooms have been secured.
SF-702, "Security Container Checklist," shall be used to record the end-of-
day security checks.
(a) The SF-702 shall be used to record the names and times of the
persons who have opened, closed, or checked a particular
container, room, or vault holding classified information.
(b) The SF-702 shall be used in all situations requiring the use of a
security container check sheet and shall be affixed to the container
or entrance to a room or vault.
(3) Activity Security Checklist. SF-701, "Activity Security Checklist,"
provides a systematic means of checking end-of-day activities for a
particular work area, allowing for employee accountability in the event that
irregularities are discovered. The checklist identifies such activities as
checking security containers, desks, and wastebaskets for classified matter
and ensuring that windows and doors are locked, ribbons for classified
typewriters and automated data processing equipment have been secured,
and security alarms have been activated. Use of the SF-701 is optional
except in situations requiring detailed end-of-day security inspections,
when its use is mandatory.
(4) Records. Completed SF-701s and SF-702s shall be maintained according
to General Record Schedule 18. CHAPTER IV
RADIOLOGICAL AND TOXICOLOGICAL SABOTAGE PROTECTION
1. GENERAL. Safeguards and security planning shall include protection of the health and
safety of employees, the public, and the environment against potential adverse impacts of
radiological and toxicological sabotage. Protection shall be provided in a graded manner,
consistent with the level of hazards present. The following requirements shall apply.
a. Facilities representing a "significant" radiological/toxicological sabotage threat
shall document in the SSSP the sabotage assessment process and the facility
program for protection against such a threat.
b. A facility may be considered to present a "significant" potential
radiological/toxicological sabotage threat when any of the following materials are
present at the facility:
(1) SNM that is respirable or that can be assimilated into the human body;
(2) quantities of radioactive materials sufficient to achieve a critical mass;
(3) radioactive materials in excess of quantities listed in Title 10 Code of
Federal Regulations (CFR) 30.72;
(4) hazardous chemicals in quantities greater than 10,000 lbs (or 4,540 Kgs);
(5) extremely hazardous substances in quantities greater than "Threshold
Planning Quantities" (TPQ) listed in SARA Title III, found at 40 CFR 255,
Appendices A and B.
2. PROTECTION PLANNING.
a. Safety analysis reports completed for accident scenarios, emergency event
classification, vulnerability analysis reports (VARs), protection actions, and
consequence assessments, as well as other pertinent information that can be used
to assess risks and/or consequences of sabotage release scenarios, shall be
considered in the radiological/toxicological sabotage analysis. Paragraph 4 of this
chapter should be considered in formulating the radiological/toxicological sabotage
targets.
b. The methodology for completing a radiological/toxicological sabotage assessment
shall parallel that used for completing the vulnerability analysis for theft/diversion
of SNM, and shall be integrated into the site VAR(s).
c. Consequence values, as shown in Table IV-1, shall consider how acts of
radiological and toxicological sabotage would affect the public, employees, and the
environment.
d. Radiological/toxicological sabotage analysis completed after the date of this
Manual shall consider a wide variety of factors, such as materials, locations, site-
specific features, and existing security and safety features. The analysis shall
include the development and analysis of a spectrum of scenarios leading to
radiological/toxicological releases.
3. ASSESSMENT OF RISKS. The DOE Design Basis Threat, regional threat assessments,
and when available, local threat descriptions, shall be the basis for the site/facility
vulnerability assessment and for which the protection program is designed. The threat,
targets, and protection strategies shall be documented in the SSSP.
a. The radiological/toxicological sabotage assessment shall consider the complete
spectrum of available resources in identifying and developing preventive, response,
and mitigation options.
(1) Within the limits of the DOE Design Basis Threat, every combination of
insider and outsider threat shall be analyzed to determine which threats
apply to specific site facilities.
(2) For the facility and target involved, the protection strategies pertaining to
denial and mitigation and the title of the responsible office for each plan or
procedure in which the strategies are described shall be documented.
(3) Documentation shall describe procedures for the mitigation of a
radiological/toxicological sabotage event, and risk acceptance shall be
documented.
b. Hazardous materials shall be identified. Threshold quantities of hazardous
materials shall be screened to eliminate those facilities whose vulnerability to
sabotage is limited by the lack of sufficient inventory. Note that this evaluation
should be based on a maximum level of hazardous materials that are expected or
that may be present at the facility.
4. PROTECTION OF RADIOLOGICAL/TOXICOLOGICAL SABOTAGE TARGETS.
a. The analysis of all radiological/toxicological sabotage target assessments shall be
included in the SSSP Vulnerability Analysis Report (VAR).
(1) All SNM identified as theft targets under the provisions of Chapter II of
this Manual shall also be identified as potential radiological/toxicological
sabotage targets and afforded a radiological/toxicological sabotage
analysis.
(2) If the radiological/toxicological sabotage targets are not subject to the
SNM theft protection requirements of Chapter II, an evaluation will be
made to determine if the potential targets are afforded protection equal to
or greater than similar material in the commercial or private sector. If the
targets are afforded this level of protection, no further analysis is required.
(3) A radiological/toxicological sabotage analysis must be performed for those
radiological/toxicological sabotage targets not subject to (1) or (2) above,
not found in the commercial or private sector, and not afforded a
protection level equal to or greater than that provided for in the
commercial or private sector.
b. The following prevention and mitigation options shall be implemented in a graded
manner, based on the results of the radiological/toxicological sabotage analysis:
(1) safeguards and security features to prevent or detect adversary actions (i.e.,
access and materials controls, surveillance, additional barriers/alarms, and
entry/exit inspections);
(2) additional controls or equipment that would prevent the sabotage release
scenario (i.e., providing automatic shutdown if components fail, adding
backup systems, or establishing Protected/Vital Areas); and
(3) event-mitigating actions, such as establishing shelters, emergency
notifications/evacuations, reducing and/or removing inventory quantities,
or changing storage locations.
TABLE IV-1
RADIOLOGICAL AND TOXICOLOGICAL SABOTAGE
CONSEQUENCE VALUES
Consequence
Value
Impact
Effects on the Public, Employees, and the
Environment from Acts of Radiological or
Toxicological Sabotage
1.0
Catastrophic
On- and off-site fatalities and injuries, long-term
denial of facility (greater than 2 years) due to damage
or radiation contamination, and off-site denial of food,
water, or habitat due to contamination for more than 1
year.
0.8
High
Off-site injuries and on-site fatalities and injuries, on-
site facility denial for 1 to 2 years, and off-site denial of
food, water, or habitat due to contamination for less
than 1 year.
0.5
Moderate
On-site injury (no off-site injury), on-site facility denial
for 6 months to 1 year, and denial of food, water, or
habitat due to contamination for less than 6 months.
0.2
Low
On-site injury, on-site facility denial for less than 1
month, and no impact on food, water supply or habitat.
CHAPTER V
SECURITY AREAS
1. GENERAL. The local DOE safeguards and security authority may determine the
application of the Security Area requirements for Property Protection Areas. The
following applies to Security Areas.
a. Access shall be controlled to limit entry to appropriately cleared and/or authorized
individuals.
(1) Any person allowed to enter a Security Area who does not possess an
access authorization at the appropriate level shall be escorted at all times by
a cleared and knowledgeable individual.
(2) Local authorities shall establish escort-to-visitor ratios in a graded manner
for each of these Security Areas.
b. Access control requirements may be layered as appropriate for the situation. At
succeeding boundaries, access controls may be more stringent.
c. A personnel identification system (e.g., security badge system) shall be used to
control access.
d. Automated access control systems may be used as approved by the cognizant local
DOE authority for safeguards and security.
(1) Automated access controls, when used for access to any security area,
except property protection areas designated by the local authority, shall
require the minimum of the verification of a valid DOE Standard Badge
and personal identification number.
(2) When remote automated access control systems are used for access to
security areas, each barrier penetration shall provide the same degree of
penetration resistance as the barrier itself. Anti-tailgating means and
procedures must be implemented.
(3) Both central and secondary alarm stations shall be used to monitor
automated access control systems used to protect Category I SNM,
Category II SNM capable of roll-up to Category I, and Top Secret matter.
(4) Automated access control system events (e.g., annunciation of a door
alarm, tamper alarm, or anti-passback indication feature, or the occurrence
of an unauthorized entry attempt) shall be treated in the same manner as an
intrusion alarm for the area being protected.
e. Means shall be provided to deter unauthorized intrusion into Security Areas. Such
means include the use of intrusion detection sensors and alarm systems, barriers,
random patrols, and/or visual observation. The protection program shall include
suitable means to assess alarms. Intrusion detection and assessment systems used
for the protection of Category I SNM, Category II SNM capable of roll-up to
Category I, and Top Secret matter shall be monitored in both central and
secondary alarm stations. See Paragraph 1, Page VI-1 for amplified requirements.
f. Entrance/exit inspections, as required, shall be made by protective personnel or
with detection equipment designed to detect prohibited articles. (See
subparagraph (2) below.) Inspections of personnel, hand-carried items, packages
and mail, and/or vehicles shall provide reasonable assurance that prohibited articles
are not introduced and that safeguards and security interests are not removed from
the area without authorization.
(1) Inspections. Inspection procedures, requirements, and frequencies shall be
developed based on a graded approach and included in the appropriate
security plan. Where random entry or exit inspections are permissible, the
inspection shall be conducted on a percentage basis, determined by the
local cognizant DOE authority for safeguards and security, using
techniques that ensure randomness.
(2) Prohibited Articles. The following articles are prohibited from all Security
Areas: any explosives or other dangerous weapon, instrument, or material
likely to produce substantial injury or damage to persons or property
(Reference: Title 10 CFR Part 860, and Title 41 CFR Part 101-19.3); any
controlled substances (e.g., illegal drugs and associated paraphernalia, but
not prescription medicine); hazardous chemicals; and any other items
prohibited by law. The local cognizant DOE authority for safeguards and
security may authorize the introduction of explosives and weapons used to
conduct official Government business.
(3) Controlled Articles. The following privately owned articles are not
permitted in a Limited, Exclusion, Protected, or Material Access Area
without prior authorization of the local cognizant DOE authority for
safeguards and security:
(a) recording equipment (audio, video, optical, or data);
(b) electronic equipment with a data exchange port capable of being
connected to automated information system equipment;
(c) cellular telephones;
(d) radio frequency transmitting equipment; and
(e) computers and associated media.
(4) Concentric Security Areas. When a Security Area other than a Material
Access Area is within a larger Security Area, additional entry/exit
inspections are not required at the inner Security Area perimeter if
inspections conducted at the outer Security Area boundary are at the same
level as required for the inner Security Area boundary. Entry and exit
inspections shall be conducted at Material Access Area boundaries
regardless of outer boundary inspections.
g. Clearly defined physical barriers, such as fences, walls, and doors, shall be used to
define the boundary of a Security Area. Barriers shall meet the following
requirements, as well as supplementary requirements defined in Chapter VII,
Paragraph 1, of this Manual.
(1) Barriers shall direct the flow of personnel and vehicles through designated
entry control portals.
(2) Barriers and entry control portals, supplemented by other systems such as
patrols or surveillance, shall be used to deter and detect introduction of
prohibited articles or removal of safeguards and security interests.
(3) Barriers shall be used to deter and/or prevent penetration by motorized
vehicles where vehicular access could significantly enhance the likelihood
of a successful malevolent act, associated with Protected Areas and high
level security areas.
(4) Barriers shall be capable of controlling, impeding, or denying access to a
Security Area.
h. Emergency personnel and vehicles may be authorized immediate entry to security
areas when escorted by properly cleared and authorized personnel. Personnel and
vehicles shall be subject to exit inspections upon completion of the emergency
situation.
i. Signs shall be posted to convey information on the Atomic Weapons and Special
Nuclear Rewards Act; prohibited articles; the inspection of vehicles, packages, or
persons either entering or exiting; notification of video surveillance equipment; and
trespassing, if applicable. Signs prohibiting trespassing shall be posted around the
perimeter and at each entrance to a Security Area except when one Security Area
is located within a larger posted Security Area. See Chapter XII for further
details.
j. Visitor logs are required at Protected Areas, Material Access Areas, and Exclusion
Areas. Requirements for other Security Areas, if any, and procedures for visitor
logs at Security Areas shall be developed and approved by the cognizant local
DOE authority for safeguards and security. DOE F 1240.1, "Foreign Visitors
Security Register," and DOE F 5630.6, "Visitors Security Register," shall be used.
Logs shall be retained in accordance with DOE O 200.1, INFORMATION
MANAGEMENT PROGRAM, and General Records Schedule 18.
2. PROPERTY PROTECTION AREA. A Property Protection Area is a Security Area
established by local authority to protect DOE property. A Property Protection Area may
be established to protect against damage, destruction, or theft of Government-owned
property, and for public access. Measures taken shall be adequate to give reasonable
assurance of protection and may include physical barriers, access control systems,
protective personnel, intrusion detection systems, and locks and keys. Protective
measures taken shall be determined by local authorities and shall provide appropriate,
graded protection as follows.
a. Access controls may be implemented to protect DOE property and facilities.
When access to a Property Protection Area is controlled by an automated access
control system, the system shall verify the validity of the DOE standard badge (i.e.,
that the badge serial number read by the system matches the serial number assigned
to the badge holder).
b. Signs prohibiting trespassing, where necessary, shall be posted around the
perimeter and at each entrance to the Property Protection Area in accordance with
Title 10 CFR Part 860, Trespassing on Administration Property, and Title 41 CFR
Part 101-19.3, Federal Property Management Regulation. See Chapter XII.
c. Vehicles and hand-carried items entering or exiting are subject to inspection to
deter and/or detect unauthorized introduction of contraband and removal of
Government assets.
d. Physical barriers may be used to protect property and facilities.
e. Property Protection Area security measures may range from facilities open to
public access to that of a Protected Area, at the discretion of the local authority
and as implemented in the SSSP.
3. LIMITED AREA. A Limited Area is a Security Area defined by physical barriers, used to
protect classified matter and/or Category III quantities of SNM, where protective
personnel or other internal controls can prevent access by unauthorized persons to
classified matter or SNM.
a. Requirements. A Limited Area shall have barriers identifying its boundaries and
encompassing the designated space, access controls to provide reasonable
assurance that only authorized personnel are allowed to enter and exit the area,
and random entrance/exit contraband inspections. Limited Area access
requirements shall be administered as follows.
(1) Individuals permitted unescorted access shall have access authorization and
need-to-know consistent with the matter under protection within the area.
(2) When access to a Limited Area is authorized for a person without
appropriate access authorization or need-to-know, measures shall be taken
to prevent compromise of classified matter.
(3) Access to safeguards and security interests within a Limited Area, when
not in approved storage, shall be controlled by the custodian(s) or
authorized user(s).
b. Personnel and Vehicle Access Control. Validation of the identity and access
authorization of persons allowed access shall be administered by protective
personnel (e.g., protective force or other appropriately authorized personnel)
and/or automated systems and shall be accomplished at the Limited Area
entrance(s). Access control requirements shall be as follows.
(1) Privately-owned Government employee and contractor vehicles shall be
prohibited from a Limited Area.
(2) Government-owned or Government-leased vehicles shall be admitted only
when on official business and only when operated by properly cleared and
authorized drivers, or when escorted by properly cleared, authorized
personnel. Emergency service vehicles (e.g., ambulances, fire trucks, and
police vehicles), may be granted immediate access when escorted by
properly cleared and authorized personnel. The local safeguards and
security authority shall implement procedures for search and access of
service and delivery vehicles on official business; however, escort by
properly cleared and authorized personnel is required. Entry of service and
delivery vehicles shall be kept to an operational minimum.
(3) Where access to a Limited Area is controlled by an automated access
control system, the system shall verify the following: valid access
authorization, valid Personal Identification Number, and valid DOE
standard badge (i.e., the badge serial number read by the system matches
the serial number assigned to the badge holder).
4. EXCLUSION AREA. An Exclusion Area is a Security Area defined by physical barriers
and subject to access control, where mere presence in the area would result in access to
classified matter.
a. Requirements. An Exclusion Area shall have barriers identifying its boundaries
and encompassing the designated space and access controls and entrance/exit
inspections to provide reasonable assurance that only authorized personnel are
allowed to enter and exit the area. Exclusion Area requirements shall be
administered as follows.
(1) An Exclusion Area shall meet all requirements for a Limited Area. An
analysis should be conducted to determine if a valid biometric template is
required to protect Top Secret classified matter and Restricted data.
(2) Access requirements are as follows.
(a) Individuals allowed unescorted access shall have access
authorizations and need-to-know consistent with the matter to
which they would have access by mere virtue of their presence in
the area.
(b) When access to an Exclusion Area is authorized for a person
without appropriate access authorization and need-to-know,
measures shall be taken to prevent compromise of classified matter
while the individual is in the area.
b. Personnel and Vehicle Access Control. Validation of the identity and access
authorization of persons allowed access shall be accomplished at the Exclusion
Area entrance(s) and shall be administered by protective personnel and/or
automated systems.
(1) Private vehicles shall be prohibited from Exclusion Areas.
(2) Government-owned or Government-leased vehicles shall be admitted only
when on official business and when operated by properly cleared and
authorized drivers. Emergency service vehicles (e.g., ambulances, fire
trucks, and police vehicles) may be granted immediate access when
escorted by properly cleared and authorized personnel. The local
safeguards and security authority shall implement procedures for search
and access of service and delivery vehicles on official business; however,
escort by properly cleared and authorized personnel is required. Entry of
service and delivery vehicles shall be kept to an operational minimum.
(3) Where access to an Exclusion Area is controlled by an automated access
control system, the system shall verify the following: valid access
authorization, valid Personal Identification Number, and valid DOE
standard badge (i.e., the badge serial number read by the system matches
the serial number assigned to the badge holder).
5. PROTECTED AREA. A Protected Area is a Security Area encompassed by physical
barriers, surrounded by perimeter intrusion detection and assessment systems, and
equipped with access controls to protect Category II quantities of SNM and/or to provide
a concentric security zone surrounding a separately defined Material Access Area or Vital
Area.
a. Requirements. The requirements for a Protected Area shall be as follows.
(1) Entrance inspections of personnel, vehicles, and hand-carried items shall be
conducted to deter and detect the unauthorized introduction of contraband.
Specific inspection procedures and SNM/metal detection levels and
limitations shall be established and documented.
(2) Exit inspections of personnel, vehicles, and hand-carried items shall be
conducted to deter and detect the unauthorized removal of SNM. Specific
inspection procedures and SNM/metal detection levels and limitations shall
be established and documented. When the Protected Area encompasses a
Material Access Area, and no Category II or greater quantity of SNM is
contained outside the Material Access Area, then no exit inspection is
required.
(a) A physical or electronic inspection shall be separately conducted of
vehicles, personnel, packages, and all other containers at all routine
exit points for Protected Areas that contain Category I quantities
(or lesser quantities with credible roll-up to a Category I quantity).
(b) Exit inspection procedures and detection levels for SNM and
shielding shall be established consistent with the material type,
form, quantity, attractiveness level, size, configuration, portability,
and credible diversion amounts of SNM contained within the area.
(c) Exit inspections shall be capable of detecting shielded SNM (e.g.,
by using a combination of SNM and metal detectors) and shall meet
requirements for metal and SNM detection as determined by the
Manager, Operations Office.
(d) Procedures used shall ensure that unalarmed portals shall have the
means to detect SNM.
(3) Exits shall be alarmed or controlled at all times.
(4) Protected Area perimeter intrusion detection and assessment systems shall
be monitored in a continuously manned central alarm station.
(5) Protective force response time to an intrusion detection shall be less than
the delay time that can be demonstrated from alarm activationuntil
intruders could complete adverse actions.
b. Personnel and Vehicle Access Control. Validation of the identity and access
authorization of persons authorized access shall be administered by armed
protective force personnel and/or an automated access control system as
determined by local safeguards and security authorities. Access control
requirements shall be as follows.
(1) Private vehicles shall be prohibited from a Protected Area.
(2) Government-owned or Government-leased vehicles shall be admitted only
when on official business and only when operated by properly cleared and
authorized drivers, or when escorted by properly cleared, authorized
personnel. Service and delivery vehicles shall be admitted only when on
authorized business and when driven or escorted by properly cleared,
authorized personnel. Entry of service and delivery vehicles shall be kept
to an operational minimum.
(3) Where access to a Protected Area is controlled by an automated access
control system, the system shall verify the following: valid access
authorization, valid Personal Identification Number, and valid DOE
standard badge (i.e., the badge serial number read by the system matches
the serial number assigned to the badge holder).
6. VITAL AREA. A Vital Area is a Security Area located within a Protected Area used for
the protection of vital equipment. All vital equipment shall be contained within a Vital
Area.
a. Requirements. In addition to protection strategies at a Protected Area, the
following requirements shall be met.
(1) Area boundaries shall conform to the layered protection concept, with a
separate Vital Area perimeter located within a separate and distinct
Protected Area.
(2) The perimeter of each Vital Area shall be monitored to deter and detect
unauthorized entry attempts.
(3) Vital equipment shall be protected with an intrusion detection system.
(4) Exits shall be alarmed or controlled at all times.
(5) Protective force response time to an intrusion detection shall be less than
the delay time that can be demonstrated from alarm activation until
intruders could complete adverse actions.
b. Personnel and Vehicle Access Control. The local safeguards and security authority
shall implement procedures for personnel and official vehicles for Vital Area
access. The procedure shall require the validation of the identity and access
authorization of persons authorized access and shall be administered by protective
personnel or an automated access control system. Access control requirements
shall be as follows.
(1) Private vehicles shall be prohibited from a Vital Area.
(2) Government-owned or Government-leased vehicles shall be admitted only
when on official business and only when operated by properly cleared and
authorized drivers, or when escorted by properly cleared and authorized
personnel. Service and delivery vehicles shall be admitted only when on
authorized business and when driven by or escorted by properly cleared
and authorized personnel.
(3) Where access to a Vital Area is controlled by an automated access control
system, the system shall verify the following: valid access authorization,
valid Personal Identification Number, and valid DOE standard badge (i.e.,
that the badge serial number read by the system matches the serial number
assigned to the badge holder).
7. MATERIAL ACCESS AREA. A Material Access Area is a Security Area defined by
physical barriers and subject to access control, used for the protection of Category I
quantities of SNM or Category II quantities of SNM with credible roll-up to a Category I
quantity. A Material Access Area shall be contained within a Protected Area and shall
have separately defined physical barriers constructed to provide sufficient delay time to
control, impede, or deter unauthorized access. Area boundaries shall conform to the
layered protection concept, with a separate Material Access Area perimeter located within
a separate and distinct Protected Area. Material Access Area barriers shall direct the flow
of personnel and vehicles through designated portals.
a. Requirements. Inspections shall provide reasonable assurance against the
unauthorized introduction of prohibited articles or removal of SNM by force,
stealth, or deceit.
(1) Entrance inspections of personnel, vehicles, and hand-carried items shall be
conducted to deter and detect the unauthorized introduction of prohibited
articles.
(2) Exit inspections of personnel, vehicles, and hand-carried items shall be
conducted to deter and detect the unauthorized removal of SNM. Specific
inspection procedures and SNM/metal detection levels and limitations shall
be established and documented.
(a) A physical or electronic inspection shall be separately conducted of
vehicles, personnel, packages, and all other containers at all routine
exit points for Material Access Areas that contain Category I
quantities (or lesser quantities with credible roll-up to a Category I
quantity).
(b) Exit inspection procedures and detection levels for SNM and
shielding shall be established consistent with the material type,
form, quantity, attractiveness level, size, configuration, portability,
and credible diversion amounts of SNM contained within the area.
(c) Exit inspections shall be capable of detecting shielded SNM (e.g.,
using a combination of SNM and metal detectors) and shall meet
requirements for metal and SNM determined by the Manager,
Operations Office.
(d) Procedures used shall ensure that unalarmed portals have the means
to detect SNM.
(3) Protective force response time to an intrusion detection shall be less than
the delay time that can be demonstrated from alarm activation until
intruders could complete adverse actions.
(4) Exits and all openings larger than 96 square inches (619.20 square
centimeters) shall be alarmed with intrusion detection sensors or controlled
at all times. (See Chapter VIII, Paragraph 1.g.(2).)
(5) Material in process or stored within an unattended Material Access Area or
within a vault or vault type room within the Material Access Area shall be
protected by intrusion detection sensors.
(6) Intrusion detection sensors and assessment systems shall be monitored in a
continuously manned central alarm station.
b. Personnel and Vehicle Access Control. Validation of the identity, access
authorization, and authority to enter for persons allowed access shall be
accomplished at Material Access Area entrances. Access control shall be
administered by armed protective force personnel and/or automated access control
systems as determined by local safeguards and security authorities.
(1) Private vehicles shall be excluded from a Material Access Area.
(2) Government-owned or Government-leased vehicles shall be admitted to
Material Access Areas only when on official business. Drivers must have
the proper access authorization or be escorted by authorized personnel
with the proper access authorization.
(3) Exit detection levels for SNM and shielding shall be established consistent
with the form, quantity, attractiveness level, and credible diversion
amounts/attempts of SNM contained within the area.
(4) Where access to a Material Access Area is controlled by an automated
access control system, the system shall verify the following: valid access
authorization, valid Personal Identification Number, valid DOE standard
badge (i.e., that the badge serial number read by the system matches the
serial number assigned to the badge holder), and valid biometric template.
8. OTHER SECURITY AREAS. Other security areas shall be administered as follows and
as outlined in pertinent DOE directives.
a. Sensitive Compartmented Information Facilities. The Department of Energy
follows requirements in Director of Central Intelligence Directive 1/21 for the
construction of Sensitive Compartmented Information Facilities.
b. Central Alarm Station. A central alarm station shall be used in protection of
Category I and II quantities of SNM. A central alarm station shall meet the
requirements of a hardened post and shall be located, as a minimum, within a
Limited Area. Requirements are as follows.
(1) An access control system shall be used to restrict admittance to persons
who require access in the performance of official duties.
(2) A central alarm station shall be attended constantly by appropriately trained
security personnel who possess access authorizations commensurate with
the most sensitive asset that is under the protection of the central alarm
station.
c. Secondary Alarm Stations. Facilities with Category I or II quantities of SNM shall
have a secondary alarm station. Used as an alternative alarm annunciation point to
the central alarm station, the secondary alarm station shall be maintained at a
location continuously manned, such that a response can be initiated if the central
alarm station cannot perform its intended function. Secondary alarm stations shall
meet the operational requirements of central alarm stations with the exception of
hardening and location within a Limited Area. The secondary alarm station need
not be fully redundant to the central alarm station, but shall be capable of providing
effective control response to safeguards and security incidents.
d. Local Law Enforcement Agency or Private Alarm Station. If response by local
law enforcement agency/protective personnel to alarm activity is required for
facility approval, the response shall meet the specifications for Grade AA as
contained in Underwriters Laboratories Standard 611, "Central-Station Burglar-
Alarm Systems."
e. Secure Communications Centers and Automated Information System Centers.
(1) Centers handling classified messages or information shall be located, as a
minimum, within a Limited Area.
(2) Separate access controls and barriers shall be established to restrict
admittance to persons employed therein or who require access in the
performance of official duties.
(3) Access authorizations, consistent with the highest level and category of
classified information handled, shall be required for all persons assigned to
or having any unescorted access to these centers. A list of persons
authorized such access shall be maintained within the center, and a record
of all visitors entering the facility shall be maintained.
CHAPTER VI
PROTECTION ELEMENT: INTRUSION DETECTION AND ASSESSMENT SYSTEMS
1. GENERAL. Intrusion detection systems shall be installed to provide reasonable assurance
that breaches of security boundaries are detected and alarms are generated at a
continuously manned alarm annunciation point. Intrusion detection systems shall be
provided for Protected Areas (as required in Chapter V, Paragraph 5), for Vital Areas, (as
required in Chapter V, Paragraph 6), and for Material Access Areas and SNM (as
discussed in Chapter V, Paragraph 7, and Paragraphs 2, 3, and 4 below). Intrusion
detection systems shall be provided for protection of classified matter as described in
Chapter III, pragraph 2b. Intrusion detection systems shall also be provided for vaults,
vault-type rooms, Sensitive Compartmented Information Facilities, Classified Automated
Information System facilities, and Secure Communications Centers. For other
applications, the impact of loss or destruction of property and facilities shall be considered
when assessing the need for intrusion detection systems.
2. GENERAL REQUIREMENTS. Specifications for intrusion detection systems shall be as
follows.
a. A means for timely detection of intrusion shall be provided by the use of intrusion
detection systems and/or protective force fixed posts and/or mobile patrols.
Timely assessment of intrusion detection system alarms shall be provided by
electronic systems and/or patrols. Electronic assessment systems shall be fixed in
place. When used for detection, patrols shall be conducted at random intervals, at
a documented frequency.
b. Intrusion detection systems shall provide operable coverage in all environmental
conditions common to that area and under all common types of lighting conditions.
c. Visual observation by protective personnel on patrol or in fixed posts may
complement intrusion detection systems and increase the probability of early
detection.
d. There shall be an effective method by which to assess all intrusion detection system
alarms (e.g., intrusion, false, nuisance, system failure, and tamper), and radio
frequency (RF) jamming.
e. Response capability to intrusion detection system alarms shall be provided to
protect DOE safeguards and security interests. The response capability may be
provided by assigned protective personnel or by the local law enforcement agency,
as applicable. Response times shall be appropriate for the protection strategy
employed at the site.
f. Intrusion detection systems shall employ multiple detection layers for Category I
and II SNM targets. Complementary sensor selection is required when multiple
types of sensors are deployed.
g. Intrusion detection systems shall be designed, installed, operated, and maintained
to ensure that the number of false and nuisance alarms does not reduce the system
effectiveness. System effectiveness metrics results shall be recorded.
h. Intrusion detection systems and their associated components, such as sensors,
multiplexers, power supply cabinets, processors, junction boxes, and alarm access
panels that service Protected Areas, Material Access Areas, or Vital Areas, shall
resist tampering and provide an alarm to indicate tampering.
i. Intrusion detection systems shall be monitored continuously by personnel assigned
to assess alarms and intrusion activities. Monitoring personnel shall initiate the
appropriate responses.
j. Compensatory measures shall be provided during times when the intrusion
detection system is not in operation or not operating effectively. RF devices used
to protect Category I SNM are considered temporary compensatory measures that
require deviation approval.
k. Systems installed after 9/14/94, used in the protection of Category I quantities of
SNM, shall employ redundant, independently routed communication paths to avoid
a single point failure. If the communication path is in a "loop" configuration, it
must feature reverse polling to meet this requirement. The redundant pathways
shall begin at a data collection point and be conveyed and reported independently
to a physically separated central alarm station and secondary alarm station. The
use of two RF alarm communication devices to protect Category I SNM, one as
the primary path and the other as secondary path, does not satisfy the DOE
requirement for redundant communications paths. Several intrusion detection
sensors may be connected to a common data collection point.
l. Records shall be kept on each alarm. The alarm record shall contain, as a
minimum: date and time of the alarm; cause of the alarm or a probable cause if
definite cause cannot be established; and the identity of the recorder or the
operator on duty. The record shall be reviewed, analysis performed, and
corrective measures taken as applicable.
m. Alarm monitoring systems shall annunciate system and system component failure,
including RF systems alarms, in the alarm station(s). For the protection of
Category I and II quantities of SNM, alarms shall be annunciated in both the
central and secondary alarm stations. Systems shall indicate the type and location
of the alarm source.
n. In existing intrusion detection systems where dedicated telephone cable pairs are
used to connect the intrusion detection system to the alarm station and/or
annunciating point, cable pairs shall not be routed through telephone switching
equipment.
o. The system shall have a means of providing the system operator, response force, or
maintenance personnel the location of the alarm.
p. RF alarm communication devices shall use approved Digital Encryption System
(DES) encryption or other National Security Agency-approved encryption
techniques.
q. RF alarm communication devices, including those RF devices used as
compensatory measures to protect Category I SNM, shall meet all requirements of
this Manual and shall be analyzed to determine if they provide adequate protection
in terms of target identification, threat definition, and overall effectiveness of the
physical protection system.
r. Systems and system components shall be functionally tested in accordance with
established procedures at a documented frequency . Chapter III of DOE 470.1
contains the performance assurance program requirements for systems protecting
Category I and II SNM. The testing program for all other security interests shall
be developed by the local safeguards and security authority.
s. Public vehicle parking and drive areas shall be maintained at the explosive threat
quantity distance from Protected Area perimeter intrusion detection and
assessment systems.
3. INTERIOR INTRUSION DETECTION SYSTEM REQUIREMENTS. The approved
interior intrusion detection systems shall be documented in the SSSP.
a. The probability of detection for each safeguards and security physical protection
system shall be established and documented.
b. Balanced magnetic switches shall initiate an alarm upon attempted substitution of
an external magnetic field when the switch is in the normally secured position and
whenever the leading edge of the door is moved 1 inch (2.5 centimeters) or more
from the door jam.
c. Volumetric detectors shall detect an individual moving at a rate of 1 foot per
second, or faster, within the total field-of-view of the sensor and its plane of
detection.
4. EXTERIOR INTRUSION DETECTION SYSTEM REQUIREMENTS. Approved
exterior intrusion detection systems shall be documented in the SSSP. Requirements for
Protected Areas, Material Access Areas, and Vital Areas are as follows.
a. The perimeter intrusion detection system shall be capable of detecting an individual
(weighing 35 kilograms or more) crossing the detection zone walking, crawling,
jumping, running, or rolling (at speeds between 0.15 and 5 meters per second), or
climbing the fence, if applicable, at any point in the detection zone with a detection
probability of 90 percent, at a 95 percent confidence level.
(1) Testing shall be conducted at the time of initial perimeter intrusion
detection system installation and at least annually thereafter to validate this
detection probability and confidence level.
(2) If operational testing or effectiveness testing indicates degradation of the
intrusion detection system or portion thereof, then that portion of the
intrusion detection system shall be revalidated. When calculating detection
probability for multiple sensor systems, detection is assumed if any of the
sensors detect the intrusion.
b. Intrusion detection systems shall cover the entire perimeter of a detection area,
including the tops of buildings situated in the detection area.
c. All openings in barriers, unattended gates and/or portals, and culverts and sewers
that have openings larger than 96 square inches (619.20 square centimeters)
where the smallest dimension is larger than 6 inches (15.24 centimeters) shall have
detection capabilities at least as effective as the rest of the intrusion detection
system, except when protected by access delay systems providing delay
comparable to tunneling or wall penetration. The intrusion detection system shall
be operational when the opening is not attended.
d. Intrusion detection systems in adjacent detection zones shall overlap sufficiently to
eliminate areas of no detection between detection zones. The length of alarm
zones shall be consistent with the characteristics of the sensors used in that zone.
e. Perimeter intrusion detection systems shall be designed, installed, and maintained
so as to deny adversaries a means to circumvent the detection system.
f. The isolation zone between fences shall be at least 20 feet (6 meters) wide.
g. The isolation zone between fences shall be clear of fabricated or natural objects
that would interfere with detection equipment or the effectiveness of the
assessment.
h. Wires, piping, poles, and similar objects that could be used to assist an intruder
traversing the isolation zone or that could assist in the undetected ingress or egress
of an adversary or matter shall be protected by the detection and assessment
system or constructed in a manner that deters their use.
i. The detection zone of each intrusion detection system sensor (where applicable)
shall not provide a pathway (e.g., dips, obstructions) that an individual might use
to avoid detection.
j. The detection zone of each intrusion detection system shall be kept free of snow,
ice, grass, weeds, debris, and any other item that degrades intrusion detection
system effectiveness. When the above action cannot be accomplished in a timely
manner, and when degradation of detection capabilities exists, compensatory
measures shall be taken to provide timely detection.
5. INTRUSION DETECTION SYSTEM ALARM ANNUNCIATION AT THE CENTRAL
AND SECONDARY ALARM STATION.
a. Alarms for the protection of Category I and II SNM and Top Secret matter shall
be distinguished at the central alarm station from alarms protecting other security
interests. Annunciation of these alarms shall take priority over the alarms for other
security interests.
b. Facilities not protecting Category I and II SNM and Top Secret matter and using
commercial alarm station monitoring services shall have its sensors connected by
direct, continuously supervised, leased line, or by such other means as to
distinguish its alarms from all alarms for other customers that are monitored by the
monitoring service.
c. Alarms shall annunciate audibly and visually to both the central and secondary
alarm stations.
d. Action to acknowledge alarms shall be straightforward and easily performed.
Reporting and acknowledgment of a multiple alarm scenario must address alarm
priorities to ensure system credibility/reliability is not diminished.
e. Intrusion detection system status indicators shall be provided to indicate when the
system is not in working order and to indicate tampering with any essential system
component, including analyzing all RF alarm communication physical protection
devices for state-of-health (SOH) and for their capability to detect intentional and
non-intentional jamming attempts.
f. Where applicable, the alarm control system shall have the capability to call the
central alarm station and secondary alarm station operators' attention to a closed-
circuit television camera (CCTV) alarm-associated video recorder/monitor. The
picture quality shall allow the operator to recognize and discriminate between
human and animal presence in the camera field-of-view.
g. Video recorders, when used, shall be actuated by alarm signals and shall operate
automatically. The response shall be sufficiently rapid to record an actual
intrusion.
h. When CCTV is used as the principal means for assessing alarms and for
determining response level, CCTV cameras shall have tamper-protection and
loss-of-video alarm annunciation. Fixed CCTV shall be used when cameras are the
principle means of alarm assessment. Movable pan-tilt-or-zoom lens cameras may
be used for surveillance and as back-up to fixed primary assessment cameras.
i. If remote CCTV assessment of a perimeter intrusion detection system is used, the
coverage shall be complete, with no gaps between zones and no areas that cannot
be assessed because of shadows or objects blocking the camera field. When such
conditions are temporary, compensatory measures shall be put into effect.
6. RADIO FREQUENCY ALARM SYSTEMS. When RF alarm communications are used,
the RF link that replaces the direct hardwire link between the sensor and the central alarm
station display panels shall maintain a high level of security. RF alarm communications
systems used for the protection of Category I SNM shall be limited to emergencies and
temporary situations. (The requirements of this paragraph do not apply to mobile and
SNM presence alarm monitoring systems.) Emergency and temporary use of RF alarm
communications shall not exceed 120 days per application.
a. RF Alarm Communications. To ensure protection requirements, RF alarm
communication systems, as a minimum, shall meet all of the following
requirements.
(1) Approved Digital Encryption Standard (DES) encryption or other
National Security Agency approved encryption techniques shall be
provided.
(2) The RF alarm communication system shall only be used as a redundant or
alternate path with hardwire being the primary method. Using two RF
frequencies to protect Category I, one as the primary and the other as
secondary path, does not satisfy the DOE requirement for redundant
communications paths. Compensatory measures will be required. It may
be adequate to use exposed, supervised hardwire along with RF as a
redundant communication path for temporary applications.
(3) The SOH interval shall be determined by analyzing the entire physical
protection system for the particular application. The SOH must be less
than the adversary task time minus the assessment time plus the response
time: [SOH >