Doc ID: 6636849

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE
POLICY 1-13

Issue Date: 31 December 2014
Revised:

(U) SECOND PARTY INTEGREES

(U) PURPOSE AND SCOPE

This policy assigns responsibilities and procedures for the establishment of Second Party Integree positions and the placement of Second Party Integrees, including personnel involved in military exchange programs, into This policy applies to Washington, the Extended Enterprise, and United States Signals Intelligence System tactical locations.

MICHAEL S. ROGERS
Admiral, U.S. Navy
Director, NSA/Chief, CSS

Endorsed by Associate Director for Policy

(U) DISTRIBUTION: DP09

NSA FOIA Case 100386 Page 00496
Approved for Release by NSA on 09-20-2018, FOIA Litigation Case #100386
Policy 1-13 Dated: 31 December 2014

(U) This Policy 1-13 supersedes Policy 1-13 dated 16 August 2004.

(U) OPI: Foreign Affairs Directorate, DP, 963-54545.

(U) No section of this document, regardless of classification, shall be released without approval from the Office of Corporate Policy (DJ 1).

(U) POLICY

1. NSA/CSS shall support the integration of Second Party personnel into the workforce throughout the Global Enterprise when it is beneficial to the United States System mission, strengthens relationships with the Second Party nations, and is consistent with U.S. Government law, policy, strategy, and interests. The integration of Second Party personnel into the NSA/CSS workforce must be in compliance with Department of Defense Directive 5230.20, "Visits, Assignments, and Exchanges of Foreign Nationals" (Reference a).

2. Second Party Integrees shall not perform inherently governmental functions, which must remain the responsibility and within the purview of Government employees.

a.
Second Party Integrees shall not be assigned responsibilities that involve direction of NSA/CSS decision-making processes or that include performing activities that require exercise of substantial direction in applying government authority, including binding NSA/CSS to take or not to take some action by contract, policy, or regulation; to make personnel decisions, including hiring functions; or to make financial/resource decisions. Second Party Integrees may not solely represent the corporate interests of NSA/CSS in internal or external meetings or conferences. While Second Party Integrees may occasionally be called upon to contribute unique expertise to such meetings or conferences, this is permissible only if the Second Party Integree is not asked to commit resources or to represent NSA/CSS in a policymaking capacity.

b. (U//FOUO) Second Party Integrees may not perform information technology (IT) systems administrative functions or hold privileged user access on IT systems, with the exception of local administrative privileges in direct support of mission requirements (a virtual machine or workstation the administrative access to which is expressly required for mission purposes). All Second Party accesses will comply with Intelligence Community Directive (ICD) Number 503, "Information Technology Systems Security Risk Management, Certification and Accreditation" (Reference b), 8500.01, "Cybersecurity" (Reference c), Policy 6-3, "Operational Information Systems Security Policy" (Reference d), and Policy 6-20, "Second Party Access to NSA/CSS TS/SCI Classified Information Systems" (Reference e). Requests for exception to this paragraph shall be reviewed and endorsed by the Information System Security Officer (ISSO) prior to submission to the Authorizing Official for decision.

c.
Second Party Integrees may be assigned to leadership positions; however, any supervisory responsibilities that are reserved by law or regulation to an officer or employee of the U.S. Government must be performed by the next higher level U.S. supervisor in the management or command chain. This prohibits the Second Party Integree leader from preparing human resource-related documents, including final performance evaluations, making pay decisions, making decisions regarding the employee's advancement to the next pay level or grade, making award decisions, or similar personnel actions, for any subordinate employee. Second Party Integrees may, however, provide input to a U.S. Government employee's official supervisor concerning these matters. Additionally, access restrictions may prohibit a Second Party Integree in a leadership position from having full access to the specific details and scope of an employee's most sensitive mission activities.

3. Information necessary for Second Party Integrees to perform their functions shall be shared unless specifically prohibited by Director of National Intelligence (DNI), or Committee on National Security Systems (CNSS) policy, applicable Executive Orders, or U.S. law. Security ramifications associated with Second Party Integrees must be considered before establishing and staffing any Second Party Integree position.

4. (U) Organizations wishing to establish and staff new Second Party Integree positions shall follow the procedures detailed below.

(U) PROCEDURES

5. Requirements for Second Party Integree positions will be identified within NSA/CSS Directorates, Associate Directorates, the Chief of Staff organization, or Extended Enterprise elements. This policy permits informal exchanges between and Second Party organizations to identify and define those requirements.

6.
The gaining organization wishing to establish, extend, or reallocate an integrated position will prepare, coordinate, and formally track the necessary documentation through the Second Party Affairs Office of the Signals Intelligence (SIGINT) Operations Group (DP 1), Foreign Affairs Directorate (FAD), and the Associate Directorate for Security and Counterintelligence to the appropriate Director, Deputy Director, Associate Director, or Chief of Staff. Extended Enterprise elements will work through the appropriate governing Headquarters Directorate for review and approval. For SID, the approval authority is in accordance with the SID Delegation of Approval Authorities matrix. The approved package will be returned to FAD for final review and coordination with the affected Second Party Liaison Office and subsequent administration of the accountability processes.

7. The appropriate Director, Associate Director, the NSA/CSS Chief of Staff, or a designee may approve waivers to this policy when necessary to effect rapid reallocation of Second Party Integree resources in response to urgent mission requirements.

(3) 86-36

8. (U) General criteria for establishing and staffing a new Second Party Integree position.

a. NSA/CSS organizations establishing a new Second Party Integree position must first clearly identify and carefully consider the specific mission and associated data needs. Raw intelligence products or the immediate capability to produce them shall be shared with Integrees only in accordance with DOD, Intelligence Community (IC), and SID policy, as appropriate. In addition, a Non-Disclosure Agreement (NDA) shall be executed with the Second Party Integree before release of any PROPIN data.

b. (U//FOUO) There is no minimum assignment length required for a Second Party Integree to obtain an account.
Further, there is no minimum assignment length required for a Second Party Integree to be eligible for access to raw SIGINT data.

c. Second Party personnel who are solely attending NSA/CSS sponsored training are exempt from this policy. However, if access to networks is a required part of their training, Second Party personnel shall adhere to Policy 6-20 (Reference e).

d. Security considerations regarding the work-related activities of Second Party Integrees and associated access requirements shall be analyzed, and associated risks mitigated, by the operational element and subject to review and approval, to ensure compliance with information systems, physical, and personnel security policies before establishing and staffing any position.

e. Prior to establishing and staffing a proposed Second Party Integree position, all requirements shall be fully coordinated with the appropriate offices. New Second Party Integree positions or Second Party Integree assignment extensions must receive prior approval by the head of the organization to which the Integree will be assigned, or by those having specifically delegated approval authority. Second Party Integree reassignment actions shall be coordinated through both the gaining and the losing approval authorities; disagreements will be resolved at the lowest appropriate levels. If the proposed Second Party Integree position will require rotational assignments, such as is required for many developmental programs (e.g., Mathematician Program, Language Analyst Training Program, etc.), each rotational assignment shall be handled as a Second Party Integree reassignment. All appropriate approvals and applicable documentations must be obtained at least 90 days prior (or less, if agreed to by the gaining and losing approval authorities) to the Second Party Integree beginning the new rotational assignment.

9.
In cases where a Second Party Integree will require interaction with any U.S. Government contractor, the U.S. Government contractor will be required to comply with U.S. laws, rules, and regulations, including those governing exports (the Arms Export Control Act and the International Traffic-In-Arms Regulations (ITAR), 22 CFR 120-130 (Reference f)). The Office of Export Control Policy (DJ 3) is the signatory and authority for exemptions. DJ 3 identifies the process required for contractors to interact with Second Party Integrees (Reference

10. (U) The Office of the General Counsel will advise on any questions regarding whether the integration of Second Party personnel into the NSA/CSS workforce or Second Party use of capabilities is consistent with the U.S. laws and procedures that govern NSA/CSS activities.

(U) RESPONSIBILITIES

11. (U//FOUO) Directors, Associate Directors, the Chief of Staff, and the Extended Enterprise Commanders/Chiefs shall:

a. (U//FOUO) Identify requirements for Second Party Integree positions and approve assignments, extensions, and reassignments within their respective organizations;

b. Document Second Party Integree requirements for the Second Party Affairs Office (DP 1). This documentation shall include the following:

1) A justification stating why establishing a particular Second Party Integree position is necessary or beneficial to either the U.S. mission or the Second Party relationship;

2) A description of the specific duties the Second Party Integree will be performing;

3) (U) Affirmation that the level of intelligence and information assurance sharing is consistent with current operational requirements and a statement that lists the security clearances required for the position;

4) (U//FOUO) A statement of information system connectivity or access requirements, including access to databases or datasets and access to raw SIGINT data; Integrees into SID will follow SID Management Directive 427 "Access to Data for Second-Party Personnel Engaged in SIGINT Production"
(Reference h);

(3) - P.L. 86-36

5) A description of the specific procedures that will be instituted within the assigned operational element to prevent the inadvertent disclosure of NOFORN information, information that is releasable to a community of which the Second Party Integree is not a member (for example, REL information for a Canadian Integree) (hereafter referred to as non-releasable information), or NSA/CSS Special Access Program material (Reference i) unless separate approval has been granted per paragraph 3;

6) Agreement regarding nondisclosure of proprietary or "commercial-in-confidence" information which would otherwise be required or available during a Second Party Integree's tenure. Non-disclosure will be managed within the organization to which the Integree is assigned and an acceptable plan must be in place to prevent the unauthorized and unintended release of

7) (U) Requirements for special training needed by the Second Party Integree, including mandatory intelligence oversight training, other training required of personnel working under SIGINT authority, or National School courses;

8) (U//FOUO) Assurance that the Second Party parent organization, through the Second Party Liaison Office, maintains security oversight and provides guidance for their assigned Second Party Integree personnel, in coordination with FAD, and the involved

9) (3) - P.L. 86-36

10) An acknowledgement of specific, gaining organization responsibilities with regard to the Integree's operational and personnel management needs. The gaining organization accepts responsibility for performing active oversight of the Integree's SIGINT or information assurance (IA) activities. This includes, at a minimum, that the Integree's U.S.
supervisor will have an Annual Contribution Evaluation with objectives that require the supervisor to:

a) Keep records of data access, especially non-releasable data; and

b) Perform audits of requisite database accesses.

c. Coordinate with the Technology Directorate, and the relevant Oversight and Compliance Organization to assess potential security vulnerabilities for integrating Second Party personnel into a specific operational element;

d. Review the qualifications of, and approve or disapprove, candidates who are nominated to fill Second Party Integree positions. Forward Second Party Integree selections or non-selections to the Second Party Affairs Office (DP 1);

(3) - P.L. 86-36

f. Coordinate with the Information Assurance Directorate (IAD) when a Second Party Integree has an Office of Primary Interest (OPI)-approved requirement for access to United States Information Security data, including, but not limited to, IA threat and vulnerability information, U.S. algorithms, IA techniques, or U.S. computer security information;

g. (U//FOUO) Coordinate with the appropriate Information Systems Security Officer and/or Information Systems Security Manager so that appropriate security certification and accreditation documents, risk assessments, and security controls (if required) can be updated before the Second Party Integree arrives for duty and is given access to an information system, in accordance with Policy 6-20, "Second Party Access to NSA/CSS TS/SCI Classified Information Systems" (Reference e); and

h. Advise the FAD Second Party Affairs Office of any proposed changes in the status of Second Party Integree positions, including rotation, extension, and/or replacement of specific personnel, at least 90 days in advance of the proposed change whenever possible.

12. (U) The Foreign Affairs Director shall:

a.
(U//FOUO) Review all requests for establishing, extending, or reassigning Second Party Integree positions. This includes verifying and endorsing conformance with existing policy and procedures;

b. Coordinate with Second Party Liaison Offices to establish Second Party Integree positions and/or personnel status changes;

c. Advise the requesting operational element of candidates nominated to fill Second Party Integree positions and the dates of availability. Solicit operational element approval(s);

d. (U) Notify the affected Second Party Liaison Office of approvals and disapprovals of Second Party Integree positions;

e. Advise appropriate organizations when all necessary administrative, security, and personnel actions have been addressed by the responsible offices prior to the arrival or transfer of an individual Second Party Integree;

f. Maintain a current corporate record of all Second Party Integrees at NSAW and the Extended Enterprise, including names, assigned organization, and length of tour; and

g. Ensure that the Second Party parent organization, through the Second Party Liaison Office, provides with clearance certification and relevant background information on a proposed Integree (at a minimum, name, date and place of birth, date of last security background investigation or reinvestigation, citizenship, and citizenship of spouse or "significant other" partner cohabitating with the Integree);

13. (U) The Associate Director for Security and Counterintelligence shall:

a. Review and assess the personnel and physical security vulnerabilities of integrating Second Party personnel into specific operational element positions and, if appropriate, provide recommendations to mitigate associated risks;

b.
(U//FOUO) Establish individual security records on each Second Party Integree consisting of basic identification, clearance certification status, and current accesses, excluding personal data associated with background/vetting investigations and updates, that remain under the purview of an Integree's home agency;

c. Certify and maintain applicable identification, clearance, and eligibility for access information for all Second Party Integrees;

d. (U) Administer and maintain records of NSA/CSS "Special Access" information granted to Second Party Integrees in accordance with Reference i; and

e. (U) Issue each Second Party Integree the appropriate access token (badge) required for access to NSA/CSS-controlled campuses and buildings in accordance with NSA/CSS Policy 5-7, "Badge Identification System" (Reference j).

14. (U) The Technology Director, as the Chief Information Officer, and the NSA/CSS Chief Information Security Officer (CISO) shall:

a. Review and assess the information systems security ramifications of integrating or retaining Second Party personnel within specific operational element positions;

b. Provide information systems security guidance, in accordance with the requirements of References 3 and c, to organizations requesting Second Party access to NSA/CSS computer systems or networks and company and

c. Implement and oversee the technical infrastructure that supports digital identity Agencies Domain, Reference e) for Second Party Integrees, enabling appropriate identification, authorization, and audit capability for the NSA/CSS TOP SECRET SCI network.

(U) REFERENCES

15. (U) References:

a. (U) 5230.20, "Visits and Assignments of Foreign Nationals," dated 22 June 2005.

b. (U) ICD 503, "Information Technology Systems Security Risk Management, Certification and Accreditation," dated 15 September 2008. (Intelink)

c. (U) 8500.01, "Cybersecurity," dated 14 March 2014.

d.
(U) Policy 6-3, "Information Technology Security Authorization Using the Risk Management Framework," dated 7 March 2014.

e. (U) Policy 6-20, "Second Party Access to Classified Information Systems," dated 31 March 2014.

f. (U) International Traffic in Arms Regulations (ITAR), 22 CFR 120-130, dated 29 August 2005.

g. (U) Policy 1-7, "Technology Security Program," dated 24 December 2013.

h. (U) SID Management Directive 427, "Access to Classified U.S. Intelligence Information for Second Party Personnel," dated 28 December 2013.

i. (U) NSA/CSS Policy 1-41, "Programs for the Protection of Especially Sensitive Classified Information," dated 7 March 2013 and revised 6 February 2014.

j. (U) NSA/CSS Policy 5-7, "NSA/CSS Badge Identification System," dated 26 October 2007.

k. (U) Executive Order 12333, "United States Intelligence Activities," as amended.

(U) DEFINITIONS

16. Non-releasable Information - NOFORN information or information that is releasable to a community of which the Second Party Integree is not a member (for example, REL information for a Canadian Integree).

17. (U) Global Cryptologic Enterprise - NSA/CSS worldwide personnel, systems, and facilities:

a. (U) Headquarters: Primary location of the NSA/CSS Senior Leadership Team

b. (U) NSA/CSS Washington (NSAW): NSA/CSS facilities at the Fort Meade, FANX, and associated campuses [Finksburg, Kent Island, and all leased facilities in the Baltimore/Washington metropolitan area].

c. (U) NSA/CSS Extended Enterprise (Field): personnel, systems, and facilities at locations other than NSAW. (Source: Corporate Glossary)

18. Raw SIGINT Data - Any SIGINT data acquired either as a result of search and development or targeted collection operations against a particular foreign intelligence target before the information has been minimized and evaluated for foreign intelligence purposes. (Source: Corporate Glossary)

19. (U//FOUO) Second Party - Any of the four countries with which the U.S.
Government maintains SIGINT and relationships, namely the United Kingdom, Canada, Australia, and New Zealand.

20. Second Party Integree - Second Party personnel integrated into an NSA/CSS or United States System element who, when integrated into an environment, are working solely under the direction and operational control of the to conduct or information assurance activities that support NSA/CSS mission in accordance with authorities, rules, and regulations. Integrees may be civilian or military Second Party SIGINT or IA personnel but may not be contractors. Equivalent to the term Foreign Exchange Personnel: an individual from one of the Second Party entities assigned to work for NSA/CSS under NSA/CSS authorities. Duties associated with an Integree's position shall be performed in support of the mission and in compliance with Executive Order 12333, "United States Intelligence Activities," as amended (Reference k).

21. (U//FOUO) Second Party Liaison - An individual representing one of the Second Party nations' SIGINT or IA counterpart organizations at Duties associated with this position will be performed primarily in support of the counterpart organization.