Rescinded

This policy memo has been rescinded by DSCA 20-46 and 2016 SAMM Chapter 8 Rewrite.

 
DoD Shield

DEFENSE SECURITY COOPERATION AGENCY
2800 DEFENSE PENTAGON
WASHINGTON, D.C. 20301-2800

7/23/2014

MEMORANDUM FOR :

DEPUTY UNDER SECRETARY OF THE AIR FORCE FOR INTERNATIONAL AFFAIRS
DEPUTY ASSISTANT SECRETARY OF THE ARMY FOR DEFENSE EXPORTS AND COOPERATION
DEPUTY ASSISTANT SECRETARY OF THE NAVY FOR INTERNATIONAL PROGRAMS
DIRECTOR, DEFENSE CONTRACT MANAGEMENT AGENCY
DIRECTOR FOR SECURITY ASSISTANCE, DEFENSE FINANCE AND ACCOUNTING SERVICE - INDIANAPOLIS OPERATIONS
DIRECTOR, DEFENSE INFORMATION SYSTEMS AGENCY
DIRECTOR, DEFENSE LOGISTICS AGENCY
DIRECTOR, DEFENSE LOGISTICS INFORMATION SERVICE
DIRECTOR, DEFENSE LOGISTICS AGENCY DISPOSITION SERVICES
DIRECTOR, DEFENSE THREAT REDUCTION AGENCY
DIRECTOR, NATIONAL GEOSPATIAL - INTELLIGENCE AGENCY
DEPUTY DIRECTOR FOR INFORMATION ASSURANCE, NATIONAL SECURITY AGENCY

SUBJECT :

Enhanced Targeting Data (ETD) Physical Security and Accountability Requirements for Enhanced End-Use Monitoring (EEUM), DSCA Policy 14-18 [SAMM E-Change 256]

The attached change to the Security Assistance Management Manual (SAMM) adds an EEUM note Mandatory for Letters of Offer and Acceptance (LOA), LOA Amendments, and LOA Modifications that include National Geospatial-Intelligence Agency (NGA) Enhanced Targeting Data. It will also be mandatory for Amendments that add no additional Enhanced Targeting Data if the note on the current implemented version of the case varies from this text. ETD will not be transferred pursuant to Building Partner Capacity Program (BPC) pseudo-LOAs.

This change will take effect immediately. Appendix 6 of the SAMM will be updated as reflected in the attachment, and this change will be included in the online version of the SAMM found on the DSCA Web Page, www.dsca.mil/samm/, as SAMM E-Change 256. If you have questions regarding this policy please contact Mr. Paul Bartlett, DSCA/OPS/EUM, at (703) 604-6513 or e-mail: paul.bartlett@dsca.mil. For questions on the SAMM, please contact Mr. Mike Slack, DSCA/STR/POL, at (703) 601-3842 or e-mail: michael.slack@dsca.mil. Implementing Agencies should disseminate this policy to supporting activities.

Karen L. Garvey
Principal Director
Strategy

CC :

STATE/PM-RSAT
AFRICOM
CENTCOM
EUCOM
JFCOM
NORTHCOM
PACOM
SOCOM
SOUTHCOM
TRANSCOM
USASAC
SATFA TRADOC
NAVICP
NETSAFA
AFSAC
AFSAT
DISAM

SAMM Change 256

The following note is added to Appendix 6:

 

Enhanced Targeting Data (ETD) Physical Security and Accountability Requirements

Note Usage

Mandatory for LOAs that include National Geospatial-Intelligence Agency (NGA) Enhanced Targeting Data.
Mandatory for Amendments and Modifications that add Enhanced Targeting Data.
Mandatory for Amendments that add no additional Enhanced Targeting Data if the note on the current implemented version of the case varies from this text.

References

See Chapter 8.

Note Input Responsibility

CWD

Note Text

  1. "The Purchaser understands that the Enhanced Targeting Data (ETD) disks, external hard drives and related software (hereinafter referred to as ETD), require special security and accountability protocols and have been designated for Enhanced End Use Monitoring (EEUM). The Purchaser agrees to adhere to the physical security and accountability requirements stated below and to allow the United States Government to conduct security and accountability verifications at its request. This will include, but not be limited to, U.S. Government reviews of security measures, accountability procedures and documentation, distribution of assets, transportation, access controls, storage, and inventories by serial numbers of the ETD listed in this offer.
  2. Site Survey. The U.S. Government will perform a site survey prior to delivery of any ETD and provide to the Purchaser security instructions that will be referenced during all inspections to verify authorized end-use, security, and accountability controls. Specific requirements for storage, security, and accountability measures shall be agreed upon with the U.S. Government prior to delivery of the ETD systems. U.S. Government representatives shall be allowed to verify the security measures and procedures prior to delivery.
  3. Duplication of Data/Application to Indigenous Systems. The Purchaser agrees that technology related to the ETD will not be applied to any indigenous systems or programs unless prior written approval from the Department of State (DoS) and the National Geospatial-Intelligence Agency (NGA) is obtained.
  4. Reporting Losses, Theft or Unauthorized Access. The Purchaser will secure the ETD against loss, theft, or unauthorized access and agrees to notify the U.S. Government within 24-hours through the U.S. Embassy Security Cooperation Office (SCO) of any unauthorized destruction, loss, theft, or access to the ETD as well as any allegation, report, or evidence of unauthorized attempts to obtain access to the ETD. The report must include all available information relative to the unauthorized destruction, loss, theft, or access to the ETD including, but not limited to, location, cause, recovery efforts, and assistance requested. The U.S. Government shall determine whether or not to participate in recovery operations.
  5. Physical Security. The Purchaser agrees to adhere to the security requirements as outlined in the following paragraphs and will ensure these requirements are conveyed to any unit and/or personnel having custody of these items and to their higher headquarters. In storing and handling ETD, the Purchaser will be required to meet U.S. physical security standards in accordance with the General Security of Military Information Agreement (GSOMIA) and other agreements as applicable. It is the responsibility of the Purchaser to ensure the military facilities and personnel meet the minimum agreed security requirements. The Purchaser may add additional security features and layers, above those stated in the GSOMIA or applicable agreements, to enhance physical and personnel security.
  6. Storage. When not deployed for use, the Purchaser will be required to protect the ETD within a secure room or facility. Walls, ceilings, and floors will be constructed from true floor to true ceiling, and sound attenuation or sound masking materials will be utilized.
    1. When not in use, the ETD will be stored in a secure building, in a fully enclosed steel cage or a storage room protected by a door secured by a least two key-operated locks with at least 1/4-inch shackle. Doors will be constructed out of solid material and must be able to delay low or medium level penetration attempts.
    2. Forward Deployed Exploitation Facility (FDEF) using ETD (if applicable). In addition to these requirements, FDEFs equipped with ETD and target material systems will be constructed with a perimeter around the deployed storage facility to provide at least two layers of defense. This perimeter can be constructed utilizing sensors, fencing, concertina wire, or other material, which will delay enemy forces from gaining access to the FDEF.
    3. All ETD and devices loaded with ETD will be secured daily within an approved vault or safe accredited for national-level equivalent of U.S. SECRET material.
  7. Access and Key Control. Access to the room or facility will be limited to personnel cleared to the SECRET level representing the U.S. Government and the Purchaser. Rooms will utilize an armed guard or electronic badge reader, proxy, or Personal Identification Number (PIN) access control measures to ensure the integrity of the facility.
    1. The Purchaser shall establish a listing of all personnel who will have access to the ETD, components, and technical data. The list will be kept to a minimum number of personnel on a need-to-know basis in order to complete their duties. The Purchaser will provide this listing to the U.S. Government and ensure that changes to the listing are promptly reported. Access by persons other than authorized officers, employees or agents of the U.S. Government and the Purchaser requires prior third-party transfer approval by the DoS and NGA.
    2. All keys able to access rooms must be secured and controlled. All entrance doors will have Intrusion Detection Systems (IDS) installed, which at a minimum will consist of one 360 degree motion sensor and one Balanced Magnetic Sensor.
    3. Keys to the locks will be kept in a locked safe. Commanders will designate in writing each individual authorized to access the storage facility. No person will have access to more than one of these two keys, and two-person access control will be established to access the storage facility. A log will be maintained to register all individuals who access the storage area to record the time, date, and name of person removing/using the keys, including the date and time of their return to the safe.
  8. Accountability. The Purchaser will maintain strict accountability records on all classified information provided by the U.S. Government related to the ETD, including extracts and copies. These records will include documentary evidence of any weapon systems or subsections that are lost or destroyed. Such records shall, to the extent possible, be centralized.
    1. The Purchaser will have procedures in place that provide a continuous accounting of the ETD receipt, transfer, storage, shipment, and/or destruction/demilitarization. The Purchaser agrees to inventory the ETD provided on this Letter of Offer and Acceptance (LOA) on a 100% monthly basis.
    2. Inventory and accountability documentation maintained by the Purchaser shall be maintained for at least five (5) years and be made available for review upon U.S. Government request.
  9. Guard Force. Guard force personnel will be required to respond to alarms, penetrations or unsecured facilities within 10 minutes of discovery. Time of response by the guard force will not exceed the time the facility has been approved to delay an intruder from gaining access.
  10. Transportation of Classified Materials. Transportation of the ETD will meet or exceed U.S. standards for safeguarding classified material in transit. ETD will be enclosed in two opaque, sealed envelopes, wrappings, or containers durable enough to properly protect the material from accidental exposure and facilitate detection of tampering. Individuals hand carrying or serving as couriers or escorts for the ETD shall be informed of, and acknowledge, their security responsibilities. These individuals must sign a statement that acknowledges the following responsibilities:
    1. The individual is liable and responsible for the material being carried or escorted.
    2. The material is not, under any circumstances, to be left unattended. During overnight stops arrangements shall be made for storage of the classified material at a military facility meeting the security requirements stated in this agreement. Classified information shall not be stored in hotel safes.
    3. The material shall not be opened en route.
    4. The material shall not be discussed or disclosed in any public place.
    5. The individual shall not deviate from the authorized travel schedule.
    6. In cases of emergency, the individual shall take measures to protect the material.
    7. The Purchaser will keep copies of these statements signed by couriers or escorts for a minimum of five years.
  11. Destruction. The Purchaser agrees to obtain permission and demilitarization approval from the U.S. Government via the SCO prior to destruction and disposal of an ETD. Destruction of any equipment or information will be conducted through approved military classified channels with the Purchaser. The destruction of this material will be logged, approved, and witnessed by at least two cleared personnel. A report will be completed and retained by the Purchaser for U.S. Government review.
    1. Under deployed or combat conditions, where the risk of compromise is immediate, devices and hard-drives loaded with ETD should be destroyed by shooting it, crushing it or breaking it. ETD in the CD/DVD format should be destroyed using a degaussing machine or smashed with a mallet or hammer. Special care must be taken to prevent compromise of the ETD whether in removable/external hard drives or CD/DVD format. In the case of any compromise during deployment, the Purchaser will report to the U.S. Government the events which resulted in the compromise and the serial number(s) of the compromised hard drive(s).
    2. Under extreme circumstances, risk of capture or overrun, ETD or information within the FDEF will be destroyed by any means possible to preclude the enemy from gaining U.S. Government information."