82 FR 41503 - Safeguarding of Restricted Data by Access Permittees

DEPARTMENT OF ENERGY

Federal Register Volume 82, Issue 169 (September 1, 2017)

The Department of Energy (DOE or Department) has revised its regulations governing the standards for safeguarding Restricted Data by access permittees. The previous version of this regulation was promulgated in 1983. Since 1983, changes in organizations, terminology, and DOE and national policies rendered portions of the previous regulation outdated. This version updates existing requirements.

[Federal Register Volume 82, Number 169 (Friday, September 1, 2017)]
[Rules and Regulations]
[Pages 41503-41508]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-18043]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

10 CFR Part 1016

[Docket No. DOE-HQ-2015-0029-0001]
RIN 1992-AA46


Safeguarding of Restricted Data by Access Permittees

AGENCY: Department of Energy.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Energy (DOE or Department) has revised its 
regulations governing the standards for safeguarding Restricted Data by 
access permittees. The previous version of this regulation was 
promulgated in 1983. Since 1983, changes in organizations, terminology, 
and DOE and national policies rendered portions of the previous 
regulation outdated. This version updates existing requirements.

DATES: This rule is effective October 2, 2017.

FOR FURTHER INFORMATION CONTACT: Ms. Linda Ruhnow, Office of Security 
Policy at (301) 903-2661; [email protected].

SUPPLEMENTARY INFORMATION:

I. Background
II. Section by Section Analysis
III. Regulatory Review and Procedural Requirements
    A. Review Under Executive Order 12866
    B. Review Under the Regulatory Flexibility Act
    C. Review Under Paperwork Reduction Act
    D. Review Under the National Environmental Policy Act
    E. Review Under Executive Order 13132
    F. Review Under Executive Order 12988
    G. Review Under the Unfunded Mandates Reform Act of 1995
    H. Review Under Executive Order 13211
    I. Review Under the Treasury and General Government 
Appropriations Act of 1999
    J. Congressional Notification
    K. Approval by the Office of the Secretary

I. Background

    The U.S. Department of Energy may issue an access permit to any 
person, as set forth in 10 CFR part 725, who requires access to 
Restricted Data applicable to civil uses of atomic energy for use in 
his/her business, trade or profession. 10 CFR part 725 specifies the 
terms and conditions under which the Department will issue an access 
permit and provides for the amendment, renewal, suspension, termination 
and revocation of an access permit.
    The regulations in 10 CFR part 1016 establish requirements for the 
safeguarding of Secret and Confidential Restricted Data received or 
developed under an access permit. This part does not apply to Top 
Secret information because no such information may be provided to an 
access permittee within the scope of this regulation. The regulations 
in this part apply to all persons who may require access to Restricted 
Data used, processed, stored, reproduced, transmitted, or handled in 
connection with an access permit.
    The original regulations for the safeguarding of Restricted Data 
were Atomic Energy Commission regulations that were transferred to the 
Energy Research and Development Administration (ERDA) upon its 
formation in 1974 (Energy Reorganization Act of 1974; Pub. L. 93-438). 
The regulations were subsequently revised to conform to ERDA's 
organization (41 FR 56775, 41 FR 56785-56788, Dec. 30, 1976). The 
regulations were updated and transferred from 10 CFR part 795 to 10 CFR 
part 1016 in Aug. 10, 1983 (48 FR 36432). DOE has developed this 
version of 10 CFR part 1016 to reflect organizational, terminology and 
policy changes that have occurred since the regulations were last 
revised.
    DOE proposed changes to the regulations at 10 CFR part 1016 on 
November 16, 2016 (81 FR 80612). No comments were received. No changes 
were made to the proposed regulations except to modify the definition 
of an ``L'' access authorization in Sec.  1016.3, Definitions.

II. Section by Section Analysis

    With the exception of the definition of an ``L'' access 
authorization in Sec.  1016.3, Definitions, the modifications to 10 CFR 
part 1016 adopted in this final rule are described in the Section by 
Section Analysis in section II of DOE's notice of proposed rulemaking 
published on November 16, 2016 (81 FR 80612). In Sec.  1016.3, 
Definitions, the definition of ``L'' access authorization was modified 
from DOE's proposed changes to update the type of background 
investigation required by DOE and national level directives. The 
reference to National Agency Checks with Local Agency Checks and Credit 
Check background investigation has been replaced with a Tier III 
background investigation.

III. Rulemaking Requirements

A. Review Under Executive Order 12866

    This action does not constitute a ``significant regulatory action'' 
as defined in section 3(f) of Executive Order 12866, ``Regulatory 
Planning and Review'' (58 FR 51735).

B. Review Under the Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires 
preparation of a regulatory flexibility analysis for any rule that by 
law must be proposed for public comment, unless the agency certifies 
that the rule, if promulgated, will not have a significant economic 
impact on a substantial number of small entities. As required by 
Executive Order 13272, ``Proper Consideration of Small Entities in 
Agency Rulemaking'' (67 FR 53461, Aug. 16, 2002), DOE published 
procedures and policies on February 19, 2003, to ensure that the 
potential impacts of its rules on small entities are properly 
considered during the rulemaking process. DOE has made its procedures 
and policies available on the Office of the General Counsel's Web site 
(www.gc.doe.gov).
    DOE has reviewed this rule under the Regulatory Flexibility Act and 
certifies that, as adopted, the rule would not have a significant 
impact on a substantial number of small entities.

[[Page 41504]]

This action amends an existing rule which establishes safeguarding of 
Restricted Data by persons granted an Access Permit according to 10 CFR 
part 725. The rule would only apply to Access Permittees, of which 
there are historically very few (e.g., between zero and five), and the 
changes are administrative changes (such as renumbering of several 
parts and changing office names to reflect a recent reorganization), 
updates to enable consistency with current policies and practices, and 
clarification of requirements.
    Because these standards and requirements consist of clarifications 
and updates to existing standards and requirements, DOE does not expect 
that the impact on any Access Permittees would be significant. DOE 
sought comment on its estimate of the number of small entities and the 
expected effects of this rule and received no comments.
    For the above reasons, DOE certifies that the rule, as adopted, 
will not have a significant economic impact on a substantial number of 
small entities.

C. Review Under Paperwork Reduction Act

    This rule does not contain a collection of information subject to 
OMB approval under the Paperwork Reduction Act.

D. Review Under the National Environmental Policy Act

    This rule amends existing policies and procedures establishing 
safeguarding of Restricted Data standards and requirements for Access 
Permittees and has no significant environmental impact. Consequently, 
the Department has determined that this rule is covered under 
Categorical Exclusion A-5, of appendix A to subpart D, 10 CFR part 
1021, which applies to a rulemaking that addresses amending an existing 
rule or regulation that does not change the environmental effect of the 
rule or regulation being amended. Accordingly, neither an environmental 
assessment nor an environmental impact statement is required.

E. Review Under Executive Order 13132

    Executive Order 13132, ``Federalism,'' (64 FR 43255, August 4, 
1999), imposes certain requirements on agencies formulating and 
implementing policies or regulations that preempt State law or that 
have federalism implications. Agencies are required to develop a formal 
process to ensure meaningful and timely input by State and local 
officials in the development of regulatory policies that have 
``federalism implications.'' Policies that have federalism implications 
are defined in the Executive Order to include regulations that have 
``substantial direct effects on the States, on the relationship between 
the national government and the States, or on the distribution of power 
and responsibilities among the various levels of government.'' On March 
7, 2011, DOE published a statement of policy describing the 
intergovernmental consultation process it will follow in the 
development of such regulations (65 FR 13735, March 14, 2000).
    DOE has examined this rule and has determined that it does not have 
a substantial direct effect on the States, on the relationship between 
the national government and the States, or on the distribution of power 
and responsibilities among the various levels of government. No further 
action is required by Executive Order 13132.

F. Review Under Executive Order 12988

    Section 3 of Executive Order 12988, (61 FR 4729, February 7, 1996), 
instructs each agency to adhere to certain requirements in promulgating 
new regulations. These requirements, set forth in section 3(a) and (b), 
include eliminating drafting errors and needless ambiguity, drafting 
the regulations to minimize litigation, providing clear and certain 
legal standards for affected legal conduct, and promoting 
simplification and burden reduction. Agencies are also instructed to 
make every reasonable effort to ensure that the regulation describes 
any administrative proceeding to be available prior to judicial review 
and any provisions for the exhaustion of administrative remedies. The 
Department has determined that this regulatory action meets the 
requirements of section 3(a) and (b) of Executive Order 12988.

G. Review Under the Unfunded Mandates Reform Act of 1995

    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) 
requires each Federal agency to assess the effects of Federal 
regulatory action on state, local and tribal governments and the 
private sector. For regulatory actions likely to result in a rule that 
may cause expenditures by State, local, and Tribal governments, in the 
aggregate, or by the private sector of $100 million or more in any one 
year (adjusted annually for inflation), section 202 of UMRA requires a 
Federal agency to publish estimates of the resulting costs, benefits, 
and other effects on the national economy. UMRA also requires Federal 
agencies to develop an effective process to permit timely input by 
elected officers of State, local, and Tribal governments on a proposed 
``significant intergovernmental mandate.'' In addition, UMRA requires 
an agency plan for giving notice and opportunity for timely input to 
small governments that may be affected before establishing a 
requirement that might significantly or uniquely affect them. On March 
18, 1997, DOE published a statement of policy on its process for 
intergovernmental consultation under UMRA (62 FR 12820, March 18, 
1997). (This policy is also available at http://www.gc.doe.gov.) This 
rule contains neither an intergovernmental mandate, nor a mandate that 
may result in the expenditure of $100 million or more in any year, so 
these requirements do not apply.

H. Review Under Executive Order 13211

    Executive Order 13211, ``Actions Concerning Regulations That 
Significantly Affect Energy Supply, Distribution, or Use,'' (66 FR 
28355, May 22, 2001) requires Federal agencies to prepare and submit to 
the Office of Information and Regulatory Affairs (OIRA), Office of 
Management and Budget, a Statement of Energy Effects for any 
significant energy action. A ``significant energy action'' is defined 
as any action by an agency that promulgates or is expected to lead to 
the promulgation of a final rule, and that: (1) Is a significant 
regulatory action under Executive Order 12866, or any successor order; 
and (2) is likely to have a significant adverse effect on the supply, 
distribution, or use of energy; or (3) is designated by the 
Administrator of OIRA as a significant energy action. For any 
significant energy action, the agency must give a detailed statement of 
any adverse effects on energy supply, distribution, or use should the 
proposal be implemented, and of reasonable alternates to the action and 
their expected benefits on energy supply, distribution, and use.
    This rule is not a significant energy action, nor has it been 
designated as such by the Administrator of OIRA. Accordingly, DOE has 
not prepared a Statement of Energy Effects.

I. Review Under the Treasury and General Government Appropriations Act, 
1999

    Section 654 of the Treasury and General Government Appropriations 
Act, 1999 (Pub. L. 105-277) requires Federal agencies to issue a Family 
Policymaking Assessment for any proposed rule or policy that may affect 
family well-being. This rule would not have any impact on the autonomy 
or integrity of the family as an institution. Accordingly, DOE has 
concluded that it

[[Page 41505]]

is not necessary to prepare a Family Policymaking Assessment.

J. Congressional Notification

    As required by 5 U.S.C. 801, DOE will report to Congress on the 
promulgation of this rule before its effective date. The report will 
state that it has been determined that the rule is not a ``major rule'' 
as defined by 5 U.S.C. 804(2).

K. Approval by the Office of the Secretary

    The Secretary of Energy has approved publication of this final 
rule.

List of Subjects in 10 CFR Part 1016

    Classified information, Nuclear energy, Reporting and recordkeeping 
requirements, Security measures.

    Issued in Washington, DC, on August 15, 2017.
Andrew C. Lawrence,
Acting Associate Under Secretary for Environment, Health, Safety and 
Security.

    For the reasons set out in the preamble, DOE amends part 1016 of 
title 10 of the Code of Federal Regulations as set forth below:

PART 1016--SAFEGUARDING OF RESTRICTED DATA BY ACCESS PERMITTEES

0
1. The authority citation for part 1016 continues to read as follows:

    Authority: Sec. 161.i. of the Atomic Energy Act of 1954, 68 
Stat. 948 (42 U.S.C. 2201).


0
2. The part heading for part 1016 is revised to read as set forth 
above.

0
3. Section 1016.3 is amended by:
0
 a. Revising paragraph (a).
0
 b. Removing paragraph (c).
0
 c. Redesignating paragraphs (d) and (e) as paragraphs (c) and (d), 
respectively.
0
 d. Revising newly designated paragraphs (c) and (d).
0
 e. Redesignating paragraphs (f) and (g) as paragraphs (e) and (f), 
respectively.
0
 f. Removing paragraph (h).
0
g. Redesignating paragraphs (i) through (k) as paragraphs (g) through 
(i), respectively.
0
 h. Revising newly designated paragraphs (h) and (i).
0
 i. Removing paragraphs (l) and (m).
0
 j. Redesignating paragraphs (n) through (z) as paragraphs (j) through 
(v), respectively.
0
 k. Revising newly designated paragraphs (k) and (u).
    The revisions read as follows:


Sec.  1016.3  Definitions.

    (a) Access authorization. An administrative determination by DOE 
that an individual who is either a DOE employee, applicant for 
employment, consultant, assignee, other Federal department or agency 
employee (or other persons who may be designated by the Secretary of 
Energy), or a DOE contractor or subcontractor employee, or an access 
permittee is eligible for access to Restricted Data. Access 
authorizations granted by DOE are designated as ``Q,'' ``Q(X),'' ``L,'' 
or ``L(X).''
    (1) ``Q'' access authorizations are based upon single scope 
background investigations as set forth in applicable DOE and national-
level directives. They permit an individual who has ``need to know'' 
access to Top Secret, Secret and Confidential Restricted Data, Formerly 
Restricted Data, National Security Information, or special nuclear 
material in Category I or II quantities as required in the performance 
of duties, subject to additional determination that permitting this 
access will not endanger the common defense or national security of the 
United States. There may be additional requirements for access to 
specific types of RD information.
    (2) ``Q(X)'' access authorizations are based upon the same level of 
investigation required for a Q access authorization. When ``Q'' access 
authorizations are granted to access permittees they are identified as 
``Q(X)'' access authorizations and, as need-to-know applies, authorize 
access only to the type of Secret Restricted Data as specified in the 
permit and consistent with appendix A, 10 CFR part 725, ``Categories of 
Restricted Data Available.''
    (3) ``L'' access authorizations are based upon a Tier III (formerly 
National Agency Check with Local Agency Checks and Credit Checks 
(NACLC)/Access National Agency Check with Inquiries (ANACI)) background 
investigation as set forth in applicable national-level directives. 
They permit an individual who has ``need to know'' access to 
Confidential Restricted Data, Secret and Confidential Formerly 
Restricted Data, or Secret and Confidential National Security 
Information, required in the performance of duties, provided such 
information is not designated ``CRYPTO'' (classified cryptographic 
information), ``COMSEC'' (communications security), or intelligence 
information and subject to additional determination that permitting 
this access will not endanger the common defense or national security 
of the United States. There may be additional requirements for access 
to specific types of RD information.
    (4) ``L(X)'' access authorizations are based upon the same level of 
investigation required for an ``L'' access authorization. When ``L'' 
access authorizations are granted to access permittees, they are 
identified as ``L(X)'' access authorizations and, as need to know 
applies, authorize access only to the type of Confidential Restricted 
Data as specified in the permit and consistent with appendix A, 10 CFR 
part 725, ``Categories of Restricted Data Available.''
* * * * *
    (c) Classified mail address. A mail address established for each 
access permittee and approved by the DOE to be used when sending 
Restricted Data to the permittee.
    (d) Classified matter. Anything in physical form (including, but 
not limited to documents and material) that contains or reveals 
classified information.
* * * * *
    (h) Infraction. An act or omission involving failure to comply with 
DOE safeguards and security orders, directives, or approvals and may 
include a violation of law.
    (i) Intrusion detection system. A security system consisting of 
sensors capable of detecting one or more types of phenomena, signal 
media, annunciators, energy sources, alarm assessment systems, and 
alarm reporting elements including alarm communications and information 
display equipment.
* * * * *
    (k) National Security Information. Information that has been 
determined pursuant to Executive Order 13526, as amended ``Classified 
National Security Information'' or any predecessor order to require 
protection against unauthorized disclosure and is marked to indicate 
its classified status when in documentary form.
* * * * *
    (u) Security Plan. A written plan by the access permittee, and 
submitted to the DOE for approval, which outlines the permittee's 
proposed security procedures and controls for the protection of 
Restricted Data and which includes a floor plan of the area in which 
the classified matter is to be used, processed, stored, reproduced, 
transmitted, or handled.
* * * * *

0
4. Section 1016.4 is revised to read as follows:


Sec.  1016.4  Communications.

    Communications concerning rulemaking, i.e., petition to change this 
part, should be addressed to the Associate Under Secretary, Office of 
Environment, Health, Safety and

[[Page 41506]]

Security, AU-1/Forrestal Building, Office of Environment, Health, 
Safety and Security, U.S. Department of Energy, 1000 Independence 
Avenue SW., Washington, DC 20585. All other communications concerning 
the regulations in this part should be addressed to the cognizant DOE 
or National Nuclear Security Administration (NNSA) office.

0
5. Section 1016.5 is revised to read as follows:


Sec.  1016.5  Submission of procedures by access permit holder.

    No access permit holder shall have access to Restricted Data until 
he has submitted to the DOE a written statement of his procedures for 
the safeguarding of Restricted Data and for the security education of 
his employees, and DOE shall have determined and informed the permittee 
that his procedures for the safeguarding of Restricted Data are in 
compliance with the regulations in this part and that his procedures 
for the security education of his employees, who will have access to 
Restricted Data, are informed about and understand the regulations in 
this part. These procedures must ensure that employees with access to 
Restricted Data are informed about and understand who is authorized or 
required to classify and declassify RD and FRD information and 
classified matter as well as how documents containing RD or FRD are 
marked (see 10 CFR part 1045) and safeguarded.

0
6. The heading for Sec.  1016.8 is revised to read as follows:


Sec.  1016.8  Request for security facility approval.

* * * * *

0
7. Section 1016.9 is revised to read as follows:


Sec.  1016.9  Processing security facility approval.

    Following receipt of an acceptable request for security facility 
approval, the DOE will perform an initial security survey of the 
permittee's facility to determine that granting a security facility 
approval would be consistent with the national security. If DOE makes 
such a determination, security facility approval will be granted. If 
not, security facility approval will be withheld pending compliance 
with the security survey recommendations or until a waiver is granted 
pursuant to Sec.  1016.6.

0
8. Section 1016.10 is revised to read as follows:


Sec.  1016.10  Granting, denial, or suspension of security facility 
approval.

    Notification of the DOE's granting, denial, or suspension of 
security facility approval will be furnished the permittee in writing, 
or orally with written confirmation. This information may also be 
furnished to representatives of the DOE, DOE contractors, or other 
Federal agencies having a need to transmit Restricted Data to the 
permittee.

0
9. Section 1016.11 is revised to read as follows:


Sec.  1016.11  Cancellation of requests for security facility approval.

    When a request for security facility approval is to be withdrawn or 
cancelled, the cognizant DOE Office will be notified by the requester 
immediately by telephone and confirmed in writing so that processing of 
this approval may be terminated.

0
10. Section 1016.12 is revised to read as follows:


Sec.  1016.12  Termination of security facility approval.

    (a) Security facility approval will be terminated when:
    (1) There is no longer a need to use, process, store, reproduce, 
transmit, or handle Restricted Data at the facility; or
    (2) The DOE makes a determination that continued security facility 
approval is not in the interest of common defense and security.
    (b) The permittee will be notified in writing of a determination to 
terminate facility approval, and the procedures outlined in Sec.  
1016.27 will apply.


Sec.  Sec.  1016.21 through 1016.23  [Redesignated as Sec. Sec.  
1016.13 through 1016.15 and Amended]

0
11. Sections 1016.21 through 1016.23 are redesignated as Sec. Sec.  
1016.13 through 1016.15 and newly redesignated Sec. Sec.  1016.13 
through 1016.15 are revised to read as follows:


Sec.  1016.13  Protection of Restricted Data in storage.

    (a) Persons who possess Restricted Data pursuant to an Access 
Permit shall store the Restricted Data classified matter when not in 
use in a locked storage container or DOE-approved vault to which only 
persons with appropriate access authorization and a need to know the 
information contained have access. Storage containers used for storing 
classified matter must conform to U.S. General Services Administration 
(GSA) standards and specifications.
    (b) Each permittee shall change the combination on locks of his 
safekeeping equipment whenever such equipment is placed in use, 
whenever an individual knowing the combination no longer requires 
access to the repository as a result of change in duties or position in 
the permittee's organization, or termination of employment with the 
permittee or whenever the combination has been subjected to compromise, 
and in any event at least once a year. Permittees shall classify 
records of combinations no lower than the highest classification of the 
classified matter authorized for storage in the safekeeping equipment 
concerned.


Sec.  1016.14  Protection of Restricted Data while in use.

    While in use, classified matter containing Restricted Data shall be 
under the direct control of a person with the appropriate access 
authorization and need to know. Unauthorized access to the Restricted 
Data shall be precluded.


Sec.  1016.15  Establishment of security areas.

    (a) When, because of their nature or size, it is impracticable to 
safeguard classified matter containing Restricted Data in accordance 
with the provisions of Sec. Sec.  1016.13 and 1016.14, a security area 
to protect such classified matter shall be established.
    (b) The following controls shall apply to security areas:
    (1) Security areas shall be separated from adjacent areas by a 
physical barrier designed to prevent entrance into such areas, and 
access to the Restricted Data within the areas, by unauthorized 
individuals.
    (2) During working hours, admittance shall be controlled by an 
appropriately cleared individual posted at each unlocked entrance.
    (3) During nonworking hours, admittance shall be controlled by 
protective personnel on patrol, with protective personnel posted at 
unlocked entrances, or by such intrusion detection system as DOE 
approves.
    (4) Each individual authorized to enter a security area shall be 
issued a distinctive badge or pass when the number of employees 
assigned to the area exceeds thirty.


Sec.  1016.24  [Redesignated as Sec.  1016.16]

0
12. Section 1016.24 is redesignated as Sec.  1016.16.


Sec.  1016.25  [Redesignated as Sec.  1016.17 and Amended]

0
13. Section 1016.25 is redesignated as Sec.  1016.17 and newly 
redesignated Sec.  1016.17 is revised to read as follows:


Sec.  1016.17  Protective personnel.

    Whenever armed protective personnel are required in accordance with 
Sec.  1016.15, such protective personnel shall:

[[Page 41507]]

    (a) Possess a ``Q'' or ``L'' access authorization or ``Q(X)'' or 
``L(X)'' access authorization if the Restricted Data being protected is 
classified Confidential, or a ``Q'' access authorization or ``Q(X)'' 
access authorization if the Restricted Data being protected is 
classified Secret.
    (b) Be armed with sidearms of 9mm or greater.


Sec.  Sec.  1016.31 through 1016.34  [Redesignated as Sec. Sec.  
1016.18 through 1016.21 and Amended]

0
14. Sections 1016.31 through 1016.34 are redesignated as Sec. Sec.  
1016.18 through 1016.21 and newly redesignated Sec. Sec.  1016.18 
through 1016.21 are revised to read as follows:


Sec.  1016.18  Access to Restricted Data.

    (a) Except as DOE may authorize, no person subject to the 
regulations in this part shall permit any individual to have access to 
Restricted Data in his possession unless the individual has an 
appropriate access authorization granted by DOE, or has been certified 
by DOD or NASA through DOE; and
    (1) The individual is authorized by an Access Permit to receive 
Restricted Data in the categories involved and the permittee determines 
that such access is required in the course of his duties; or
    (2) The individual needs such access in connection with such duties 
as a DOE employee or DOE contractor employee, or as certified by DOD or 
NASA.
    (b) Inquiries concerning the access authorization status of 
individuals, the scope of Access Permits, or the nature of contracts 
should be addressed to the cognizant DOE or NNSA office.


Sec.  1016.19  Review, classification and marking of classified 
information.

    (a) Classification. Restricted Data generated or possessed by an 
Access Permit holder must be appropriately classified and marked in 
accordance with 10 CFR part 1045. CG-DAR-2, ``Guide to the Declassified 
Areas of Nuclear Energy Research U 08/98,'' will be furnished each 
permittee. In the event a permittee originates classified information 
which falls within the definition of Restricted Data or information for 
which the permittee is not positive that the information is outside of 
that definition and CG-DAR-2 does not provide positive classification 
guidance for such information, the permittee shall designate the 
information as Confidential, Restricted Data and request classification 
guidance from the DOE through the Classification Officer at the 
cognizant DOE or NNSA office. If the DOE Classification Officer does 
not have authority to provide the guidance, he will refer the request 
to the Director, Office of Classification, AU-60/Germantown Building, 
Office of Environment, Health, Safety and Security, U.S. Department of 
Energy, 1000 Independence Avenue SW., Washington, DC 20585-1290.
    (b) Challenges. If a person receives a document or other classified 
matter which, in his opinion, is not properly classified, or omits the 
appropriate classification markings, he is encouraged to challenge the 
classification and there shall be no retribution for submitting a 
challenge. Challenges shall be submitted in accordance with 10 CFR part 
1045.
    (c) Classification markings. Restricted Data generated or possessed 
by an individual approved for access must be appropriately identified 
and marked in accordance with 10 CFR part 1045, Nuclear Classification 
and Declassification. Questions and requests for additional direction 
or guidance regarding the marking of classified matter may be submitted 
to the Director, Office of Classification, AU-60/Germantown Building, 
Office of Environment, Health, Safety and Security, U.S. Department of 
Energy, 1000 Independence Avenue SW., Washington, DC 20585-1290.


Sec.  1016.20  External transmission of Restricted Data.

    (a) Restrictions. (1) Restricted Data shall be transmitted only to 
persons who possess appropriate access authorization, need to know, and 
are otherwise eligible for access under the requirements of Sec.  
1016.18.
    (2) In addition, such classified matter containing Restricted Data 
shall be transmitted only to persons who possess approved facilities 
for their physical security consistent with this part. Any person 
subject to the regulations in this part who transmits such Restricted 
Data containing Restricted Data shall be deemed to have fulfilled his 
obligations under this paragraph (a)(2) by securing a written 
certification from the prospective recipient that such recipient 
possesses facilities for its physical security consistent with this 
part.
    (3) Restricted Data shall not be exported from the United States 
without prior authorization from DOE.
    (b) Preparation of documents. Documents containing Restricted Data 
shall be prepared for transmission outside an individual installation 
in accordance with the following:
    (1) They shall be enclosed in two sealed, opaque envelopes or 
wrappers.
    (2) The inner envelope or wrapper shall be addressed in the 
ordinary manner and sealed with tape, the appropriate classification 
shall be marked on both sides of the envelope, and any additional 
marking required by 10 CFR part 1045 shall be applied.
    (3) The outer envelope or wrapper shall be addressed in the 
ordinary manner. No classification, additional marking, or other 
notation shall be affixed which indicates that the document enclosed 
therein contains classified information or Restricted Data.
    (4) A receipt which identifies the document, the date of transfer, 
the recipient, and the person transferring the document shall accompany 
the document and shall be signed by the recipient and returned to the 
sender whenever the custody of a document containing Secret Restricted 
Data is transferred.
    (c) Preparation of other classified matter. Classified matter, 
other than documents, containing Restricted Data shall be prepared for 
shipment outside an individual installation in accordance with the 
following:
    (1) The classified matter shall be so packaged that the classified 
characteristics will not be revealed.
    (2) A receipt which identifies the classified matter, the date of 
shipment, the recipient, and the person transferring the classified 
matter shall accompany the classified matter, and the recipient shall 
sign such receipt whenever the custody of classified matter containing 
Secret Restricted Data is transferred.
    (d) Methods of transportation. (1) Secret classified matter shall 
be transported only by one of the following methods:
    (i) By messenger-courier system specifically created for that 
purpose and approved for use by DOE.
    (ii) Registered mail.
    (iii) By protective services provided by United States air or 
surface commercial carriers under such conditions as may be preserved 
by the DOE.
    (iv) Individuals possessing appropriate DOE access authorization 
who have been given written authority by their employers.
    (2) Confidential classified matter may be transported by one of the 
methods set forth in paragraph (d)(1) of this section or by U.S. first 
class, express, or certified mail.
    (e) Telecommunication of classified information. There shall be no 
telecommunication of Restricted Data unless the secure 
telecommunication system has been approved by the DOE.

[[Page 41508]]

Sec.  1016.21  Accountability for Secret Restricted Data.

    Each permittee possessing classified matter (including classified 
matter in electronic format) containing Secret Restricted Data shall 
establish accountability procedures and shall maintain logs to document 
access to and record comprehensive disposition information for all such 
classified matter that has been in his custody at any time.


Sec.  1016.35  [Redesignated as Sec.  1016.22]

0
15. Section 1016.35 is redesignated as Sec.  1016.22.


Sec.  Sec.  1016.36 and 1016.37  [Redesignated as Sec. Sec.  1016.23 
and 1016.24 and Amended]

0
16. Sections 1016.36 and 1016.37 are redesignated as Sec. Sec.  1016.23 
and 1016.24 and newly redesignated Sec. Sec.  1016.23 and 1016.24 are 
revised to read as follows:


Sec.  1016.23  Changes in classification.

    Classified matter containing Restricted Data shall not be 
downgraded or declassified except as authorized by DOE and in 
accordance with 10 CFR part 1045.


Sec.  1016.24  Destruction of classified matter containing Restricted 
Data.

    Documents containing Restricted Data may be destroyed by burning, 
pulping, or another method that assures complete destruction of the 
information which they contain. Restricted Data contained in classified 
matter, other than documents, may be destroyed only by a method that 
assures complete obliteration, removal, or destruction of the 
Restricted Data.

0
17. Add Sec.  1016.25 to read as follows:


Sec.  1016.25  Storage, use, processing, transmission and destruction 
of classified information on computers, computer networks, electronic 
devices/media and mobile devices.

    Storage, use, processing, and transmission of Restricted Data on 
computers, computer networks, electronic devices/media and mobile 
devices must be approved by DOE. DOE-approved methods must be used when 
destroying classified information that is in electronic format.


Sec.  1016.38  [Redesignated as Sec.  1016.26]

0
18. Section 1016.38 is redesignated as Sec.  1016.26.


Sec.  1016.39  [Redesignated as Sec.  1016.27 and Amended]

0
19. Section 1016.39 is redesignated as Sec.  1016.27 and newly 
redesignated Sec.  1016.27 is revised to read as follows:


Sec.  1016.27  Termination, suspension, or revocation of security 
facility approval.

    (a) In accordance with Sec.  1016.12, if the need to use, process, 
store, reproduce, transmit, or handle classified matter no longer 
exists, the security facility approval will be terminated. The 
permittee may deliver all Restricted Data to the DOE or to a person 
authorized to receive them; or the permittee may destroy all such 
Restricted Data. In either case, the facility must submit a 
certification of non-possession of Restricted Data to the DOE.
    (b) In any instance where security facility approval has been 
suspended or revoked based on a determination of the DOE that further 
possession of classified matter by the permittee would endanger the 
common defense and national security, the permittee shall, upon notice 
from the DOE, immediately deliver all Restricted Data to the DOE along 
with a certificate of non-possession of Restricted Data.


Sec.  Sec.  1016.40 through 1016.42  [Redesignated as Sec. Sec.  
1016.28 through 1016.30]

0
20. Sec. Sec.  1016.40 through 1016.42 are redesignated as Sec. Sec.  
1016.28 through 1016.30.


Sec.  1016.43  [Redesignated as Sec.  1016.31 and Amended]

0
21. Section 1016.43 is redesignated as Sec.  1016.31 and newly 
redesignated Sec.  1016.31 is revised to read as follows:


Sec.  1016.31  Inspections.

    The DOE shall make such inspections and surveys of the premises, 
activities, records, and procedures of any person subject to the 
regulations in this part as DOE deems necessary to effectuate the 
purposes of the Act, Executive Order 13526, and DOE orders and 
procedures.


Sec.  1016.44  [Redesignated as Sec.  1016.32]

0
22. Section 1016.44 is redesignated as Sec.  1016.32.

[FR Doc. 2017-18043 Filed 8-31-17; 8:45 am]
BILLING CODE 6450-01-P