Status: In contract, 01-Jun-05
Summary of Order
The purpose of DOE O 471.3 Identifying and Protecting OUO Information is to establish requirements for identifying and marking to facilitate protecting the information and exempting it from Freedom of Information Act (FOIA) requests. This manual supplements the order.
LBNL Implementation
Only sections 2 and 9 apply to LBNL per C31 Reform as LBNL does not create OUO.
| Clause | Implementation | Status | |
|---|---|---|---|
| 2 | Ensure that unclassified documents originated by the contractor, produced by or for the contractor, or under the control of the contractor that have the potential to damage governmental, commercial, or private interests are identified as containing OUO information based on (a) guidance issued by the DOE, (b) guidance developed by the contractor that is consistent with guidance issued by the DOE, or (c) consideration that the information meets the criterion contained in paragraph 1b. | This is captured in our implementation memo. |  |
| 9 | Ensure that the following protection requirements are followed: | Protections under this section are communicated to users via the OUO Management and Storage Requirements. See below for additional notes on sub sections. | |
| a. | Protection in Use. Reasonable precautions must be taken to prevent access to documents marked as containing OUO information by persons who do not require the information to perform their jobs or other DOE-authorized activities (e.g., don’t read an OUO document in a public place, such as a cafeteria, on public transportation, etc.). | ||
| b. | Protection in Storage. Documents marked as containing OUO information may be stored in unlocked receptacles such as file cabinets, desks, or bookcases when Government or Government-contractor internal building security is provided during nonduty hours. When such internal building security is not provided, comparable measures should be taken, such as storing the documents in a locked room or other locked receptacle (e.g., a locked file cabinet, desk, bookcase, or briefcase). | | |
| c. | Reproduction. Documents marked as containing OUO information may be reproduced without the permission of the originator to the minimum extent necessary to carry out official activities. Copies must be marked and protected in the same manner as originals. Copy machine malfunctions must be cleared and all paper paths checked for papers containing OUO information. Excess paper containing OUO information must be destroyed as described below. | | |
| d. | Destruction. A document marked as containing OUO information must be destroyed by using a strip-cut shredder that produces strips no more than 1/4-inch wide or by any other means that provides a similar level of destruction that has been approved by the local security office. The decision to dispose of any DOE or NNSA document, whether it contains OUO information or not, must be consistent with the policies and procedures for records disposition. | Shredding specification may vary. | |
| e. | Transmission. (1) By Mail—Outside of a Facility. (a) Use a sealed, opaque envelope or wrapping and mark the envelope or wrapping with the recipient’s address, a return address, and the words “TO BE OPENED BY ADDRESSEE ONLY.” (b) Any of the following U.S. mail methods may be used: First Class, Express, Certified, or Registered Mail. (c) Any commercial carrier may be used. (2) By Mail—Within a Facility. Use a sealed, opaque envelope with the recipient’s address and the words “TO BE OPENED BY ADDRESSEE ONLY” on the front. (3) By Hand—Between Facilities or Within a Facility. A document marked as containing OUO information may be hand carried between or within a facility as long as the person carrying the document can control access to the document being transported. (4) Over Telecommunications Circuits. Documents marked as containing OUO should be protected by encryption when transmitted over telecommunications circuits whenever possible. This may be accomplished through DOE public key systems or use of encryption algorithms that comply with all applicable Federal laws, regulations, and standards (e.g., Entrust) that address the protection of sensitive unclassified information (see Chapter 9 of DOE M 200.1-1, “Public Key Cryptography and Key Management”). However, if such encryption capabilities are not available and transmission by mail is not a feasible alternative, then regular e-mail or facsimile machines may be used to transmit the document. (a) By Unencrypted Facsimile. An unencrypted facsimile transmission must be preceded by a telephone call to the recipient so that he or she can control the document when it is received. (b) By E-mail without Encryption. If encryption is not available and some form of protection is desired, the OUO information may be included in a word processing file that is protected by a password and attached to the email message. Then the sender can call the recipient with the password so that he or she can access the file. | Encryption is not widely available at LBNL; users are advised to encrypt when possible. | |
| f. | Transmission over Voice Circuits. OUO information transmitted over voice circuits should be protected by encryption (see DOE M 200.1-1, Chapter 9, for requirements) whenever possible. However, if such encryption capabilities are not available and transmission by other encrypted means is not a feasible alternative, then regular voice circuits may be used. | See encryption note in e. | |
| g. | Processing on Automated Information Systems. An automated information system (AIS) or AIS network must provide methods (e.g., authentication, file access controls, passwords) to prevent access to OUO information stored on the system by persons who do not require the information to perform their jobs or other DOE-authorized activities | LBNL does not have any systems processing OUO; all systems have controls to prevent unauthorized access. | |
