SECURITY PROGRAMS

Number: DAO 207-1

Effective Date: 2024-01-08

SECTION 1. PURPOSE.

.01 This Order prescribes the responsibilities that govern the management of security programs in the Department of Commerce (Department) and outlines the preparation, issuance, and maintenance of the Department's security manuals that provide guidance for the administration of those security programs.

.02 This revision reflects:

a. The removal, discontinuation, or realignment of all program functions formerly assigned to the Investigations and Threat Management Service, which has been eliminated.

b. Addition of Operations Security (OPSEC) and Physical Security functions.

c. Reclassification of the former Manual of Security Policies and Procedures to the new structure of providing security program guidance through multiple Security Manuals.

SECTION 2. AUTHORITY.

The provisions of this Order comply with and implement applicable Executive Orders, statutes, directives, and regulations issued within the Federal Government that pertain to security.

SECTION 3. DISSEMINATION.

This Order provides for the preparation, issuance, and maintenance of the Security Manuals covering policies, procedures, and responsibilities for the Department's security programs (see Section 4 of this Order). The Manuals apply to all Departmental operating units, offices, facilities, employees, contractors, and associates of the Department, and others who have access to Departmental facilities, information, personnel, or information technology (IT) systems.

SECTION 4. RESPONSIBILITIES.

.01 The Department’s Director for Security is responsible for managing the Department's security programs; serves as the Department’s senior agency official for a variety of security-specific functions; and:

a. Shall develop, issue, and supplement as needed the Security Manuals. The Manuals have the status and effect of a Department Administrative Order and cover various elements of Departmental security programs. The elements described in the Security Manuals include the following:

1. Security Administration, which involves the planning, coordination, implementation, and compliance of security programs in the Department to protect personnel, facilities, property, information, and IT systems (e.g., E.O. 14111; E.O. 14028; 41 C.F.R. Part 102-81).

2. Department Personnel Security, which ensures that employees are suitable for employment and trustworthy, and determines eligibility for access to classified National Security Information (NSI) in accordance with E.O. 10450 and E.O. 12968, as amended; 5 CFR Chapter 1, Parts 731, 732, and 736; 5 U.S.C. §§ 7312 and 7531-32 and according to Security Executive Agent Directives (SEADs), established by the Director of National Intelligence as Security Executive Agent for uniform policies and procedures governing the conduct of investigations and adjudications for eligibility for access to classified information.

3. Department Information and Special Security, which provides guidance to protect and safeguard classified NSI and provides guidance to protect and safeguard Sensitive Compartmented Information (SCI) in accordance with E.O. 13467, E.O. 13526; 32 CFR Part 117; and Intelligence Community Directives and Standards, the National Counterintelligence and Security Center’s Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities, March 13, 2020, and other applicable laws, E.O.s, directives, regulations, and agreements.

4. Department Physical Security, which establishes plans and procedures to review, assess, evaluate, and recommend countermeasures to ensure the physical protection of domestic and overseas Departmental assets and implements the controls over issuance and use of Personal Identification Verification (PIV) credentials pursuant to Homeland Security Presidential Directive 12 (HSPD-12) and Office of Personnel Management (OPM) memoranda.

5. Department Continuity and Emergency Management, which provides guidance to establish, develop, implement, and maintain preparedness plans to ensure the safety of employees, protection of facilities and their occupants, protection of other assets, and continuity of the Department's mission during any emergency situation that disrupts normal operations and implements the Department’s Presidential critical information requirements in accordance with E.O. 12565, E.O. 13961, Presidential Policy Directive 40 (PPD-40), Federal Continuity Directive-1 (FCD-1), and National Security Presidential Memorandum (NSPM)-32.

6. Department Operations Security (OPSEC), which provides guidance designed to prevent inadvertent compromise of critical information through a process of continual assessment that identifies and analyzes critical information, vulnerabilities, risks, and external threats to deny adversaries the ability to collect, analyze, and exploit information that might provide an advantage against the United States according to NSPM-28.

b. Shall establish and maintain security offices pursuant to DOO 20-6. Security offices shall be managed by the designated bureau-specific Director of Security or Security Manager.

c. Shall coordinate with the Chief Information Officer to ensure that coverage of the program elements listed in subparagraph 4.01a. of this Order are appropriately addressed within the IT Security Program, and other related areas of security.

d. In conjunction with the Deputy Assistant Secretary for Intelligence & Security, support training as needed for security personnel involved in inquiries and administrative investigations on subjects including civil rights, civil liberties, privacy and data collection, implicit bias, and related issues that might arise during the conduct of such inquiries and investigations.

e. Shall coordinate, as necessary, with the Insider Risk Management Program as that program executes Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, dated October 7, 2011, and all related Department policies and requirements.

.02 In order to provide security services and support to a specified operating unit in the Department, each security office shall:

a. Implement and administer the Department's security programs within an operating unit;

b. Administer a comprehensive security program within the operating unit's headquarters component;

c. Supplement, as necessary, the Department's security programs with operating unit-specific procedures and requirements, in accordance with Section 6 of this Order;

d. Coordinate IT, continuity of operations, and telecommunications security matters with IT security officials as necessary within the operating unit's jurisdiction;

e. Periodically review security compliance and the effectiveness of the operating unit's security programs, including areas serviced by the bureau-specific Department’s Director for Security or bureau-specific Director of Security Manager, report findings, and make recommendations to the appropriate operating unit;

f. Conduct an initial inquiry when a potential violation of security policies or procedures has been reported; if verified, conduct a follow-on administrative investigation in coordination with the Office of the General Counsel when appropriate and immediately report findings to the Department’s Director for Security or designee; and

g. Maintain liaison when necessary with local, state, and national law enforcement agencies within the local area.

.03 In order to provide security services and support to operating units within a specified bureau, the bureau-specific Director for Security or Security Manager shall:

a. Monitor implementation of the Department's security programs within the bureau security offices’ service area of responsibility;

b. Supplement, as necessary, in accordance with Section 6 of this Order, the Department and operating unit's security programs with approved procedures and requirements to ensure the integrity and protection of operations, personnel, and information within their jurisdiction. All supplemental guidance must be approved by the Department’s Director for Security, in coordination with the appropriate operating unit;

c. Provide security guidance, service, and support to operating unit offices within the area of responsibility of the bureau-specific Director of Security or Security Manager;

d. Assist IT security officials within the bureau-specific Director of Security or Security Manager's jurisdiction on IT, continuity of operations, and telecommunications security matters;

e. Assist facility and office managers in the designation of points-of-contact to facilitate the implementation of security programs in a facility or operating unit office;

f. Coordinate as necessary with Department security offices to ensure implementation of operating unit-specific security requirements at field offices within the bureau-specific Director of Security or Security Manager’s jurisdiction;

g. Periodically review security compliance and the effectiveness of the operating unit's security programs in the bureau-specific Director of Security or Security Manager's area of responsibility, report findings, and make recommendations to facility managers, security offices as necessary, and the Department’s Director for Security, as appropriate;

h. Conduct administrative investigations at the request of the Department’s Director or Deputy Director for Security; and

i. Maintain liaison when necessary with local, state, and national law enforcement agencies, including the Office of Inspector General when appropriate, within the local areas serviced by their security offices.

.04 The head of each operating unit is responsible for ensuring the integrity of security programs, plans, and activities within the unit. To carry out this responsibility, they shall:

a. Ensure organizational compliance with current laws, regulations, Executive Orders, and Departmental directives concerning security requirements;

b. Designate a senior manager to represent the unit on the Department's Security Council. The names, titles, addresses, and telephone numbers of these employees shall be provided to the Department’s Director for Security;

c. Designate a qualified employee to serve as liaison to the Department’s Director for Security or Security Manager established to support those units. Designating an employee to act as liaison will not relieve the operating unit head of their responsibilities for implementing security activities within their respective operating unit; and

d. Designate a qualified employee to serve as liaison to the Office of Security for notification of events impacting operations of their supported Bureau or location.

.05 Facility and senior office managers of an operating unit shall cooperate with the security office or bureau-specific Director of Security or Security Manager to establish and maintain an effective security program within their facility or office. To carry out this responsibility, each facility or senior office manager shall:

a. Designate a point-of-contact within their organization to assist in carrying out security-related activities in locations where an operating unit facility or field office manager cannot maintain effective daily coordination and administration of security program activities. Each manager will provide the name, title, address, telephone number, and the designation of the area of responsibility to the appropriate security office or bureau-specific Director of Security or Security Manager;

b. Monitor and coordinate the transmittal of employee, contractor, and associate security forms to the security office or bureau-specific Director of Security or Security Manager;

c. Provide appropriate security reports as specified by the security office or bureau-specific Director of Security or Security Manager;

d. Coordinate IT and telecommunications security matters with IT security officials within their jurisdiction;

e. Maintain liaison, as necessary, with local, state, and national law enforcement agencies within the local area; and

f. Coordinate the issuance of forms of identification with the operating unit offices and the appropriate security office or bureau-specific Director of Security or Security Manager.

.06 Personnel serving as the point-of-contact for their operating unit's facility or office shall be responsible for the following security-related activities:

a. Plan and implement a facility or office-specific security program with emphasis on promoting security awareness to ensure that all employees and other individuals who interact with the Department are given appropriate information on security regulations and procedures; and

b. Develop and issue, as necessary, facility- or office-specific security procedures and provide a copy to their facility or senior office manager.

.07 All employees, contractors, associates, visitors, and other building occupants shall comply with Departmental and other applicable security requirements.

SECTION 5. DEVELOPMENT, ISSUANCE, AND MAINTENANCE OF THE SECURITY MANUAL.

.01 The Department’s Director for Security is authorized to develop and issue the Security Manuals (see paragraph 4.01a.) in accordance with DAO 200-0, "Department of Commerce Handbooks and Manuals," and DAO 200-3, "Department Administrative Order Services" (see Section 7, Handbooks and Manuals).

.02 The Security Manuals will be listed on the Department's website and posted electronically on the Department’s Intranet website. Managers, supervisors, and employees in the Department may access the Security Manuals utilizing Departmental IT security safeguards to ensure operational security protection.

.03 The Department’s Director for Security will maintain the Security Manuals, including preparation and issuance of the Manuals and all subsequent changes.

SECTION 6. SUPPLEMENTARY REQUIREMENTS AND GUIDANCE.

Policies, procedures, or substantive written guidance developed by a security office or bureau-specific Director of Security or Security Manager to implement the provisions of this Order or the authorized Security Manuals, must be approved by the Department’s Director for Security prior to issuance.

SECTION 7. EFFECT ON OTHER ORDERS.

This Order supersedes Department Administrative Order 207-1, dated June 18, 2014. Nothing in this Order shall have the effect of, or be construed as, an exception to the responsibilities and authorities of the Department's General Counsel under Department Organization Order 10-6, the Department's Inspector General under the provisions of the Inspector General Act of 1978, as amended, or the responsibilities of the Inspector General under DAO 207-10. With respect to security matters that also involve fraud, waste, or abuse, the Department’s Director for Security shall consult with the Office of Inspector General, which has the right of first refusal in investigating allegations involving any Department employee, contractor, or grantee.

Signed by: Director for Security

Approved by: Chief Financial Officer and Assistant Secretary for Administration

Office of Primary Interest: Office of Security