32 C.F.R. § 117.16

Current through September 30, 2024
Section 117.16 - Visits and meetings
(a)Visits. This paragraph applies when, for a lawful and authorized USG purpose, it is anticipated that classified information will be disclosed during a visit to a cleared contractor facility or to a USG facility.
(1)Classified visits. The number of classified visits will be held to a minimum. The contractor:
(i) Must determine that the visit is necessary and the purpose of the visit cannot be achieved without access to, or disclosure of, classified information.
(ii) Will establish procedures to ensure positive identification of visitors, appropriate PCL, and need-to-know prior to the disclosure of any classified information.
(iii) Will establish procedures to ensure that visitors are only afforded access to classified information consistent with the purpose of the visit.
(2)Need-to-know determination. The responsibility for determining need-to-know in connection with a classified visit rests with the individual who will disclose classified information during the visit. Need-to-know is generally based on a contractual relationship between the contractors. In other circumstances, disclosure of the information will be based on an assessment that the receiving contractor has a bona fide need to access the information in furtherance of a GCA purpose.
(3)Visits by USG representatives. Representatives of the USG, when acting in their official capacities as inspectors, investigators, or auditors, may visit a contractor's facility, provided these representatives present appropriate USG credentials upon arrival.
(4)Visit authorization.
(i) If a visit requires access to classified information, the host contractor will verify the visitor's PCL level. Verification of a visitor's PCL may be accomplished by a review of a CSA-designated database that contains the information or by a visit authorization letter (VAL) provided by the visitor's employer.
(ii) If a CSA-designated database is not available and a VAL is required, contractors will include in all VALs:
(A) Contractor's name, employee's name, address, and telephone number, assigned commercial and government entity (CAGE) code, if applicable, and certification of the level of the entity eligibility determination.
(B) Name, date and place of birth, and citizenship of the employee intending to visit.
(C) Certification of the proposed visitor's PCL and any special access authorizations required for the visit.
(D) Name of person(s) to be visited.
(E) Purpose and sufficient justification for the visit to allow for a determination of the necessity of the visit.
(F) Date or period during which the VAL is to be valid.
(5)Long term visitors.
(i) When USG employees or employees of one contractor are temporarily stationed at another contractor's facility, the security procedures of the host contractor will govern.
(ii) USG personnel assigned to or visiting a contractor facility and engaged in oversight of an acquisition program will retain control of their work product. Classified work products of USG employees will be handled in accordance with this rule. Contractor procedures will not require USG employees to relinquish control of their work products, whether classified or not, to a contractor.
(iii) Contractor employees at USG installations will follow the security requirements of the host. This does not relieve the contractor from security oversight of their employees who are long-term visitors at USG installations.
(b)Classified meetings. This paragraph applies to a conference, seminar, symposium, exhibit, convention, training course, or other such gathering during which classified information is disclosed, hereafter called a "meeting." Disclosure of classified information to large diverse audiences such as conferences increases security risks. Classified disclosure at such meetings may occur when it serves a government purpose and adequate security measures have been provided in advance.
(1)Meeting conducted by a cleared contractor. If conducted by a cleared contractor, the meeting is authorized by a USG agency that has agreed to assume security jurisdiction. The USG agency:
(i) Must approve security arrangements, announcements, attendees, and the location of the meeting.
(ii) May delegate certain responsibilities to a cleared contractor for the security arrangements and other actions necessary for the meeting under the general supervision of the USG agency.
(2)Request for authorization. Contractors desiring to conduct meetings that require sponsorship will submit their requests to the USG agency that has principal interest in the subject of each meeting. Requests for authorization will include:
(i) An explanation of the USG purpose to be served by disclosing classified information at the meeting and why the use of conventional channels for release of the classified information will not advance those interests.
(ii) The subject of the meeting and scope of classified topics, to include the classification level, to be disclosed at the meeting.
(iii) The expected dates and location of the meeting.
(iv) The general content of the proposed announcement or invitation to be sent to prospective attendees or participants.
(v) The identity of any other non-government organization involved and a full description of the type of support it will provide.
(vi) A list of any foreign representatives (including their nationality, name, organizational affiliation) whose attendance at the meeting is proposed.
(vii) A description of the security arrangements necessary for the meeting to comply with the requirements of this rule.
(3)Locations of meetings. Classified sessions will be held only at a USG installation or a cleared contractor facility where adequate physical security and procedural controls have been approved. The authorizing USG agency is responsible for evaluating and approving the location proposed for the meeting.
(4)Security arrangements for meetings. The contractor will develop the security measures and procedures to be used and obtain the authorizing agency's approval. The security arrangements must provide:
(i)Announcements. Approval of the authorizing agency will be obtained for all announcements of the meeting.
(A) Announcements will be unclassified and will be limited to a general description of topics expected to be presented, names of speakers, and administrative instructions for requesting invitations or participation. Classified presentations will not be solicited in the announcement.
(B) When the meeting has been approved, announcements may only state that the USG agency has authorized the conduct of classified sessions and will provide necessary security assistance.
(C) The announcement will further specify that security clearances and justification to attend classified sessions are to be forwarded to the authorizing agency or its designee.
(D) Invitations to foreign persons will be sent by the authorizing USG agency.
(ii)Clearance and need-to-know. All persons in attendance at classified sessions will possess the requisite clearance and need-to-know for the information to be disclosed.
(A) Need-to-know will be determined by the authorizing agency or its designee based on the justification provided.
(B) Attendance will be authorized only to those persons whose security clearance and justification for attendance have been verified by the security officer of the organization represented.
(C) The names of all authorized attendees or participants must appear on an access list with entry permitted to the classified session only after verification of the attendee's identity based on presentation of official photographic identification such as a passport, contractor or USG identification card.
(iii)Presentations. Classified information must be authorized for disclosure in advance by the USG agency having jurisdiction over the information to be presented.
(A) Individuals making presentations at meetings will provide sufficient classification guidance to enable attendees to identify what information is classified and the level of classification.
(B) Classified presentations will be delivered orally or visually.
(C) Copies of classified presentation materials will not be distributed at the classified meeting, and any classified notes or electronic recordings of classified presentations will be classified, safeguarded, and transmitted as required by this rule.
(iv)Physical security. The physical security measures for the classified sessions will provide for control of, access to, and dissemination of, the classified information to be presented and will provide for secure storage capability, if necessary.
(5)Disclosure authority at meetings. Authority to disclose classified information at meetings, whether disclosure is by officials of industry or USG, must be granted by the USG agency or activity that has classification jurisdiction over the information to be disclosed. Each contractor that desires to disclose classified information at a meeting is responsible for requesting and obtaining disclosure approvals. Associations are not responsible for ensuring that classified presentations and papers of other organizations have been approved for disclosure. A contractor desiring to disclose classified information at a meeting will:
(i) Obtain prior written authorization for each proposed disclosure of classified information from the USG agency having jurisdiction over the information involved.
(ii) Furnish a copy of the disclosure authorization to the USG agency sponsoring the meeting.
(6)Requests to attend classified meetings. Before a contractor employee can attend a classified meeting, the contractor will provide justification for why the employee requires access to the classified information, cite the classified contract or GCA program or project involved, and forward the information to the authorizing USG agency.

32 C.F.R. §117.16

85 FR 83312, 2/24/2021