DocIDz66369l6
WW

SIGNALS INTELLIGENCE
DIRECTORATE

MANAGEMENT DIRECTIVE 427

Issue Date: 01 August 2009
Revised Date: 28 December 2013
Second Rev: 14 September 2015

 

POC 802

 

(U) ACCESS TO CLASSIFIED U.S. INTELLIGENCE
INFORMATION FOR SECOND PARTY PERSONNEL

 

(U) Purpose This document provides guidance for granting Second Party SIGINT
personnel access to classi?ed US. intelligence information in accordance with
Department of Defense Directive 05230.23. ?Intelligence Disclosure
Polic (Ref Director of Central Intelligence Directive 6/7, ?Intelligence
Disclosure Polic (Ref and 5240.1-R, ?Procedures of DOD
Intelligence Components that Affect U.S. Persons? (Ref C)

 

NOTE: (U) Underlined terms are defined under Annex De?nitions.

 

(U) Scope (U) This Signals Intelligence Directorate (SID) Management Directive applies to
all US. SIGINT production elements located at NSA Headquarters (NSAW) and
across the United States SIGINT System 

(U) This guidance supersedes all previously approved SIGINT Directorate
guidance and authorizations for Second Party access to classi?ed US.
intelligence information. Second Party personnel who require access for the
performance of the SIGINT mission must be re-justi?ed and resubmitted for
approval by the SIGINT Director or Deputy Director.


1

 

NSA FOIA Case 100386 Page 00571
Approved for Release by NSA on 09-20?2018, FOIA Litigation Case #100386

 

 

Doc ID: 6636916


(U) All new requests for Second Party accesses after the date of issue of this
document must follow the guidelines herein.

 



RONALD S. MOULTRIE
Signals Intelligence Director

DISTRIBUTION:
Signals Intelligence Directorate, All
SIGINT Enterprise, Field, All
Of?ce of General Counsel
Of?ce of Corporate Policy

 

(U) BACKGROUND

 

(U) Background 1. (U) SS has a tradition of signals intelligence (SIGINT) collaboration
with its Second Party SIGINT Partners that has sewed us well. SS and
the Intelligence Community (IC) have benefited from this exchange and have
broadened and improved U.S. knowledge and capabilities. Notwithstanding our
special partnerships with our Second Party SIGINT Partners, must
?rst ensure that activities with our partners comply with all US. legal and policy
guidelines. This management directive is established to de?ne, document, and
implement internal procedures to ensure consistency and compliance with all
legal and policy guidelines.

2. (U) Granting access to Second Party personnel to classi?ed US. intelligence
information must be done in accordance with procedures established within
SS and consistent with policies and procedures of the Director of
National Intelligence and the Secretary of Defense. In addition, first
and foremost, has a responsibility to protect intelligence information that
contains or may contain equities of other members of the IC . Granting access to
or approving release of information to Second Party personnel applies equally to
SIGINT as well as to intelligence gathered under the authority of other IC
agencies, or any intelligence from those agencies that is fused with SIGINT (to
include that from collaborative access efforts). Often, only the originating agency
or element may be aware of the sensitivities of the intelligence information,
therefore that agency?s permission must be obtained prior to sharing.

LON-519W

NSA FOIA Case 100386 Page 00572

Doc ID: 6636916 .
WEI-NW

3. Per Director of Central Intelligence Directive (DCID) 

?Conduct of Liaison with Foreign Governments and Release of US. to
Foreign Governments? (Ref D), is the executive agent of the
US. Government for the conduct of SIGINT arrangements with the Second
Parties. DCID 6/6, ?Security Controls on the Dissemination of Intelligence
Information? (Ref E), speci?es that intelligence may be shared with foreigners
(including Second Party personnel) to the extent such sharing promotes the
interests of the United States, is consistent with US. law, does not pose
unreasonable risk to US. foreign policy or national defense, and is limited to a
speci?c purpose and normally of limited duration. The directive mandates
responsibility to apply appropriate controls to and accountability for
the access to or release of intelligence to our foreign partners.

 

 

 

 

 

 

 

(U) Data 4. (U/cheH-ei For the purposes of this policy, data, databases, and data sets
Categories maintained by will be categorized as follows:

. 

 

 

(U) Approval 5. 


Authorities

 

 



SA Case 100386 Page 00573

Doc ID: 6636916

 

 

 

 

 

6. (UWI

 

 

 

 

7. (U5039995- If the ?Second Party person is an integree as de?ned 1n 
Policy 1-13 ?Second Party Lntegrees? (Ref F), then   vill
be recorded by the integre?? supervisor and the apprOpriate Foreign Affairs
Directorate diesk of?cer shall be noti?ed

 

 

8. (UALF-GHG9 Second Party personnel access to SS maintained databases
or data sets that only contain classi?ed information marked releasable to that
partner 01 databases that are capable of restricting access only to that data which
,is marked releasable to that partner regardless of the originating agency of the
?data, willbe granted to Second Party personnel in accordance with Annex A to
this policy. Approval authority for Second Party access marked releasable
.1 resides with the relevant SIGINT Directorate Deputy Director or Associate
43 Director and
. NTOC DIR, and SUSLOS Canberra, London, Ottawa, and
Wellington).




 

 

 

 


WNW

 

 

 

NSA OIA Case 100386 Page 00574

Doc ID: 6636916

 

 

 

 

 

. wows} karat?91710)]

 

86-36



..
.

 

 

 

 

 

 

1. SS Director, the Deputy Director, or
authorized Designated Intelligence Disclosure Of?cers (DIDOs) may authorize
release to a Second Party Integree of classi?ed US. intelligence that bears no
specific control markings that is not marked with 
or another control marking such as The details of the DIDO
program and authorities may be found in DCID 6/7. ?Intelligence Disclosure
Policya? and the list of designated DIDOs.

 

(U) Data Uses 12. to data by or release of data to Second Party personnel
does not convey authorization or approval for Second Party follow-on use.
Further use guidance will accompany each Second Party access provision.

86-36

 

 

 

 

NSA Case 100386 Page 00575

Doc ID: 6636916

86-36

 

 

 

 

(U) Termination
of Access

(U) Emergencies

 

15. (UALFQUQ) When a Second Party person changes work assignments or
locations, any access to maintained data, databases, or data sets
granted through an approval process (such as the SIGINT Contact
Center is similarly terminated in accordance with SID Management
Directive 421. ?United States SIGINT System Database Access? (Ref H).

 

16. (U) For emergency sharing authorization, the NSA Director or Deputy
Director and/or the SIGINT Director and Deputy Director are the sole approving
authorities. Emergency situations are de?ned and will be implemented per
guidance in DCID 6/6, Section 10.

 

 

(U) ANNEX A
ACCESS TO RELEASABLE DATA

 

(U) General

(U) Access for
Personnel in
Second Party
SIGINT

A. l. Party personnel, whether integrated into an 
established SIGINT production element or assigned to a Second Party SIGINT
organization, may be granted access to maintained SIGINT databases
and data sets that contain only data marked as releasable to that Second Party
partner or databases that are capable of restricting access only to that data which
is marked as releasable to that partner. All Second Party personnel accessing
SS maintained databases and data sets must adhere to the same standards
as US. SIGINT personnel with regard to US. intelligence oversight, to include
US. Intelligence Oversight Officers (lOOs), U.S. auditors, and appropriate
intelligence oversight training and reporting programs. Second Party Integrees
shall not be assigned positions for which access to NOFORN information is
routinely required, without prior approval from all originators of that
information.

 

A2. Second Party SIGINT elements requiring access to releasable
databases or data sets must ?rst be registered in the Mission
Correlation Table (MCT) in accordance with SID Management Directive 422.
Mission Delegation? (Ref 1), by following the SID SIGINT Contact

WNW
6
NSA OIA Case 100386 Page 00576

Doc ID: 6636916

Elements



Center SC C) process

_ for Sponsors
and Data Masks. _Gi.ven?fliat these will be Second Party missions, the relevant
Analysisand Production Global Capability Managers will coordinate on, but not

.appr'ove, the registration of the mission and the associated databases.

86-36

A3. (UH-F888) Second Party SIGINT elements will work with the appropriate

. Senior-US, Liaison Of?ce (SUSLO) and the appropriate SS Foreign

?Affairs Directorate (FAD) Desk Of?cer to draft and coordinate the access

(U) Access for
Second Party
Integrees

(U) Termination
of Access

86-36

request for registration in the FAD Desk Of?cer will function as the
Sponsor into the SCC process. The Desk Of?c?r?s?Will-work with SID Oversight

 

and Compliance Compliance and Veri?cation Team :l
#0 determine the appropriate oversrg tpath,

 

training, and auditlng requirements for each element and associated database
being registered in the MCT. If access is approved, access to individual
releasable databases is then granted through the SCC standard procedure.

 

A.4. Second Party SIGIN personnel integrated into SS
SIGINT production elements under SS Policy 1-13, ?Second Partv
Integrees? will be sponsored for access through established procedures in
SIGINT Management Directive 421. Supervisors of Second Party integrees must
maintain a list of any databases or data sets accessed by the integree and will
notify the appropriate FAD Desk Of?cer of any changes during the integree?s
assignment which would require a change to access. Approval authority for
database and/or data set access to or IC Not-Releasable? will be the
NSA Director, Deputy Director, SIGINT Director or SIGINT Deputy Director.

 

A.5. When Second Party personnel change work assignments or
locations, any access to SIGINT databases or data sets will be terminated
immediately. The SIGINT production element?s Sponsor or
Intelligence Oversight Of?cer (100) is reSponsible for requesting the database
System Administrators to terminate and remove the individual?s accounts from
their systems in accordance with SID Management Directive 421. For Second
Party Integrees, the immediate supervisor (US. or Second Party) is responsible
for the termination of accesses and will notify the appropriate FAD desk of?cer
and personnel in accordance with SID Management Directive 421.

 

(U) ANNEX 

 

 

 

 

NSA OIA Case 100386 Page 00577

Doc ID: 6636916

 

 

 

 

NSA OIA Case 100386 Page 00578

Doc ID: 6636916

 

 

 

 

 


(U) ANNEX 
REFERENCES

 

qo

Department of Defense Directive C-5230.23,
?Intelligence Disclosure Policy?

(UH-1989) Director of Central Intelligence Directive 6/7, ?Intelligence
Disclosure Policy?

(WE-989) 5240.1-R, ?Procedures of Intelligence Components
that Affect U.S. Persons?

(UM-1999) Director of Central Intelligence Directive (DCID) 
?Conduct of Liaison with Foreign Governments and Release of US. SIGINT
to Foreign Governments?

Director of Central Intelligence Directive (DCID) 6/6, ?Security
Controls on the Dissemination of Intelligence Information?

(U5419519) Policy 1-13, ?Second Party Integrees?

(UM-1989) POLICY 1-41, ?The Exceptionally
Controlled Information (ECI) System?

(UH-P966) SID Management Directive 421, ?United States SIGINT System
Database Access?

(UHFGUG) SID Management Directive 422, Mission Delegation?

WW
9
SA OIA Case 100386 Page 00579

Doc ID: 6636916

WW

 

 

 

 

 

 

 

 

 

 

 

j. Executive Order (E0) 12333, ?United States Intelligence
Activities?
k. National Securitv Act of 1947
1. UKUSA Agreement, dated 5 March 1946
(U) ANNEX 
DEFINITIONS
(U) Data Set D.1. (U) For the purpose of this policy, a large collection of intelligence
data that has not been evaluated for foreign intelligence or minimized to
protect U.S. identities but is not a formal database subject to the SIGINT
Contact Center (SCC) process or a similar access control. A data set may
also be a data feed such as would be needed for a research/deveIOprnent
effort.
(U) Database D.2. (UM-1989) For the purpose of this policy, a structured collection of
records or data that is stored in a computer system and organized in a data
management system for quick retrieval of those records. A database is
generally subject to the SCC process or a similar access control and listed
(U) Designated D.3. (U) The heads of departments and agencies with organizations in the
Intelligence Intelligence Community or the heads of such organizations, and their
Disclosure speci?cally designated subordinates whose names and positions are
Of?cial (DIDO) certified to the Director National Intelligence (DNI) in writing, and other
US. of?cials designated by the DNI.
(U) Exceptionally D.4. (U) COMINT sub-control system/sub-compartment to protect TOP
Controlled SECRET exceptionally sensitive COMINT sources, methods and activities.
Information
(ECI)
(U) Evaluated, D.5. (U) Traf?c that has been minimized for US. identities and assessed for
Minimized foreign intelligence value.
Traf?c (EMT)


10
NSA FOIA Case 100386 Page 00580

Doc ID: 6636916

(U) Integree

(U) Intelligence

(U) Intelligence
Community (IC)

 

D.6. (Uzi/F989) The term ?integree? in this document refers to Second
Party Partner personnel integrated into or detailed to SIGINT production
element (as de?ned in USSID CR1610) who, when integrated into an
environment, are working solely under the direction and
operational control of the to conduct SIGINT activities
that support information needs validated by in accordance with
SS authorities, rules, and regulations. Integrees may be civilians or
military members. Integrees must be approved in accordance with

SS Policy 1-13, ?Second Party Integrees.?

 

D.7. (U) Includes the following information, whether written or in any other
medium, classi?ed pursuant to Executive Order 12958 or any predecessor
or successor Executive Order:

a. (U) Foreign intelligence and counterintelligence defined in the
National Security Act of 1947 (Ref K), as amended and Executive
Order 12333;

b. (UH-F9993 Information describing US. foreign intelligence and
counterintelligence activities, sources, methods, equipment, or
methodology used for the acquisition, processing, or exploitation of
such intelligence; foreign military hardware obtained through
intelligence activities for exploitation and the results of the
exploitation; and any other data resulting from US. intelligence
collection efforts; and

(U) Information on Intelligence Community protective security programs
personnel, physical, technical, and infom?ration security).

 

D.8. (U) The Intelligence Community comprises the:
0 Central Intelligence Agency (CIA),
. National Security Agency (NSA),
. Defense Intelligence Agency (DIA),

. Bureau of Intelligence and Research (within the Department of
State),

. National GeOSpatial?Intelligence Agency (NGA),
. National Reconnaissance Of?ce (NRO),

. Intelligence and Counterintelligence Elements of the Army, Navy,
Air Force, Marine Corps, and Coast Guard.

. Staff elements of the Director of National Intelligence (DNI), and
. Intelligence elements of the:


11
NSA OIA Case 100386 Page 00581

Doc ID: 6636916

(U) SIGINT
Content

(U) SIGINT
Metadata

(U) Mission



0 Drug Enforcement Administration,

0 Federal Bureau of Investigation (FBI),
0 Department of Justice,

0 Department of the Treasury,

0 Department of Homeland Security, and
0 Department of Energy.

 

D.9. (U) The actual information g, voice, data, or video) exchanged
between one or more individuals, systems or devices.

 

D. 10. Refers to structured "data about data." Metadata includes
all information associated with, but not including content, and includes any
data used by a network, service, or application to facilitate routing or
handling of a communication or to render content in the intended format.
Metadata includes, but is not limited to, dialing, routing, addressing, or
signaling information and data in support of various network management
activities billing, authentication or tracking of communicants).

 



 

Correlation
Table (MCT)



86-36

 

 

 

(U) Product

(U) Raw SIGINT
Data

 

(1)

USC 798
USC 3024(1)
86?36

 

 

 

 

D.12. (U) Foreign intelligence (derived from SIGINT processes) that is
made available in readable form to authorized recipients in response to
stated or implied Information Needs. SIGINT Product reporting standards
are governed United States Signals Intelligence Directives (USSIDs) and
other SIGINT policy.

 

SIGINT data is any SIGINT data
acquired either as a result of search and development or targeted collection
operations against a particular foreign intelligence target before the

information has been evaluated for foreign intelligence AND minimization
purposes. It includes, but is not limited to, unevaluated and/or unminimized



12
NSA OIA Case 100386 Page 00582

Doc ID: 6636916

(U) Second Party

(U) Second Party
SIGINT Partners

(U) Second Party
SIGINT
Personnel

(U) SIGINT
Production
Element

 

(1)
use 798

usc 3024(1)
86-36

 

 

 

 

 

 

 

 

D. 14. (U) Any of the four countries with which the US. Government
maintains close, cooperative SIGINT and Information Assurance (IA)
relationships: Australia, Canada, New Zealand, and the United Kingdom
(UK). The strategic alliance among these nations stems from the strong
partnerships that developed during World War II and were first
formalized in the UKUSA Agreement (Ref L), dated 5 March 1946.

 

(U) The following SIGINT organizations, their subordinate units, and
other units af?liated with, or approved by, the National SIGINT
authority. The organizations are:

a. (U) UK Government Communications Headquarters (GCHQ)

b. (U) Canada - Communications Security Establishment Canada(CSEC)
c. (U) Australia - Defence Signals Directorate (DSD)

d. (U) New Zealand - Government Communications Security Bureau
(GCSB)

 

D. 16. (U) This includes all Second Party personnel assigned to and working
under the SIGINT Authorities of the respective Second Party Partner
organization. This includes Second Party civilian, military, and contractor
personnel.

 

D.l7. (U) A formally recognized and documented element (organization,
unit) that executes at least one of the SIGINT production functions
(collection, processing, analysis, retention, and dissemination) performed by
United States SIGINT System and/or foreign SIGINT production
personnel (collectors, intelligence linguist, reporters,
SIGINT development research personnel, staff, support elements,
and managers) necessary for the conduct of an assigned SIGINT mission.


13
NSA FOIA Case 100386 Page 00583

Doc ID: 6636916

(U) Stakeholder

(U) United States
SIGINT System




 

D.18. (U) Stakeholders in the access of data Not Releasable by a Second
Party person would be any of?ce with an equity in the information. This list
might include:

0 SI Customer Relations,

0 S2 Analysis and Production,
0 S3 Data Acquisition,

0 $56 SIGINT Deve10pment,

0 Associate Deputy Directorates for Counter Terrorism 
and Technical SIGINT and Electronic 

0 National Threat Operations Center (NTOC),

Commercial Solutions Center (NC SC),

0 Research Directorate (RAD),

0 Associate Directorate for Education and Training (ADET),

0 Associate Directorate for Security and Counterintelligence
and

0 National Representatives and Senior Liaison Of?cers,
as appropriate.

 

D.l9. (U) The United States SIGINT System is the SIGINT part of
the United States System (USCS) and refers to the US.
Government SIGINT activities worldwide under the direction of the
Director, National Security Agency/Chief, Central Security Service
The is composed of the SIGINT
Directorate, the SIGINT functions and elements of the military departments,
and other governmental elements (other than the Federal Bureau of
Investigation) authorized to perform SIGINT activities under the direction
and authority of the 

 


14
NSA FOIA Case 100386 Page 00584