Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Many people of the world reside in the United States where they temporarily live and work under authorized conditions. They could be applying for citizenship or residing for a season of work. While they are here under certain authorizations such as visas or other agreements, they are legal residents but not U.S. citizens. They participate in the work force, contribute in the advancement of technology, benefit industry, but there are restrictions to information they are able to access. In the commercial industry, access to technical information is controlled under Export Administration Regulation (EAR). In the defense contracting industry, non-U.S. persons are restricted from accessing certain technical information per the International Traffic in Arms Regulation (ITAR), and they are not eligible for security clearances. While non – U.S. citizens can work with technical information after approval from the Departments of Commerce or State, they could not be authorized to possess U.S. security clearances. There are situations where they can access classified information, but it is only after a deliberate need is identified, rationale is determined, and the access is granted after a favorable background check. However, in no situation is this the granting of a security clearance. The National Industrial Security Operating Manual (NISPOM) states that only U. S. citizens are eligible for security clearances. However, in approved circumstances, non-U.S. citizens can access classified information. Again this is access and approval to work with classified information, but should not be confused with being granted a security clearance. There are limited situations where a non-U.S. citizen would be authorized to have access to and work with classified information. Some reasons include situations where they possess unique or unusual skills necessary to support a U.S. Government classified contract. In these events, the Government can authorize a Limited Access Authorization (LAA). The LAA authorization is not a security clearance, but a process by which access to specific classified information is provided through an approval process. The approval process requires multi-agency coordination beginning with the defense contractor requesting the need to provide a non-U.S. citizen access to classified information, the government customer justifying the need with specific rationale, State Department visibility, and final Defense Security Services (DSS) approval. Once DSS approves the letter of justification they notify the defense contractor who initiates a background investigation. Once the LAA is in place the non-U.S. citizen can access classified information specific to the contract and based on their need to know. The letter of justification should specify the contract number, a precise list of material to be access and the contractor should ensure that the person under the LAA accesses only the specified information. They are not allowed access to anything above the SECRET level, to include COMSEC and intelligence information. Any access above and beyond what is specified should be considered and reported as a security violation. The average citizen should view the LAA process as a means to fill a unique situation using risk based rationale and not as a means of convenience. The non-U.S. citizen subject matter expert is identified as such, properly vetted, the need is communicated, evaluated and assessed, and the Department of Defense, State, Commerce, and other applicable agencies make joint approval decisions.