TEAMS-Next Statement of Work Security Operations and Counterintelligence September 20, 2021

 
TEAMS-Next Statement of Work Security Operations and Counterintelligence September 20, 2021
HQ0858-21-R-0015
                                            Attachment J-01 Security and CI SOW

     TEAMS-Next Statement of Work
Security Operations and Counterintelligence
            September 20, 2021

              Approved for Public Release
              21-MDA-10929 (18 Aug 21)
                          1
HQ0858-21-R-0015
                                                               Attachment J-01 Security and CI SOW

                                Revision History

Author   Date   MR Number   P0000X               Reason For Change(s)                  SOW Version

                            Approved for Public Release
                            21-MDA-10929 (18 Aug 21)
                                        2
HQ0858-21-R-0015
                                                                        Attachment J-01 Security and CI SOW

1.0 Top Level Overview

1.1 Purpose

   This Statement of Work (SOW) supports the Missile Defense Agency's (MDA) mission to
   develop, test, and field an integrated, layered Missile Defense System (MDS) to defend the
   United States (U.S.), its deployed forces, allies, and friends against all ranges of enemy
   ballistic missiles in all phases of flight. The types of support required includes: 1)
   engineering and technical support; 2) studies, analyses, and evaluations, and 3) management
   and professional services.

   This contract consists of the Security and Counterintelligence requirement. The Security
   requirement consists of supporting the development, implementation, maintenance, and
   assessment of security, emergency management, and program protection for the integrated,
   layered Missile Defense System (MDS). Efforts include assisting with: Government review
   and disclosure of U.S. Classified Military Information (CMI) and Controlled Unclassified
   information (CUI) to foreign governments and international organizations; International
   visits and assignments to the MDA; Technology transfer; Munitions export/import licensing
   for all MDA personnel, offices, components, and support contractors or organizations that
   receive funding from MDA; and, Declassification of documents related to all MDA
   Research, Development, and Acquisition (RDA) Programs, including Test and Evaluation
   (T&E) activities, and fielding of the MDS. The Counterintelligence requirement supports
   Government efforts to integrate Defensive Counterintelligence (CI) activities, products and
   services, into MDA RDA Programs, Special Access Programs (SAPs); T&E activities; and,
   worldwide deployment of the MDS. These requirements include Agency CI Program
   missions and functional areas authorized by Department of Defense (DoD) Directive O-
   5240.02 that detect, identify, assess, exploit, penetrate, degrade, and counter or neutralize
   intelligence collection efforts, other intelligence activities, sabotage, espionage, sedition,
   subversion, assassination, and terrorist activities directed against the MDA, its personnel,
   information, material, facilities, and activities worldwide. All DoD CI activities conducted
   under this requirement must be executed in accordance with (IAW) DoD Directive (DoDD)
   5240.01 and DoD Regulation 5240.1-R.

1.2 Organizational Description

   a. Engineering Directorate (MDA/DE) – Responsible for technical design and development
      of the MDS. DE oversees and integrates all activities associated with: system
      engineering and technical integration; Modeling and Simulation (M&S) in support of
      MDS requirements definition and capability verification; the performance of independent
      technical assessments; and, technical intelligence. DE is the Engineering Functional
      Manager. The primary support under this contract is for the Engineering functional
      organization.

   b. Program Protection (MDA/DEI-R) – Implements the Research Development and
      Acquisition (RDA) Security, Information Safeguards, and Matrix Security programs
                                   Approved for Public Release
                                   21-MDA-10929 (18 Aug 21)
                                                3
HQ0858-21-R-0015
                                                                      Attachment J-01 Security and CI SOW

   within the Agency on behalf of the Director, Technical Intelligence (DEI). Program
   Protection provides Program Protection Planning, Cyber Mission Assurance, Supply
   Chain Risk Management, Acquisition/Industrial Security, Information Security,
   Operations Security, Classification Management, Security Review Supporting Public
   Release, Declassification, Security Training, and Security Professional Development
   policy oversight and implementation to ensure protection of Controlled Unclassified
   Information (CUI) and collateral classified information, and daily operational support to
   the Program Protection Directorate.

c. Security and Emergency Management (MDA/DSS) – Implements the MDA Physical
   Security, Test Security, and Antiterrorism/Force Protection Programs, as well as MDA
   Emergency Management Planning and Continuity of Operations (COOP) Programs and
   Department of Defense (DoD) Mission Assurance Construct. Work undertaken by DSS
   provides integrated Physical Security, Antiterrorism/Force Protection (AT/FP), and
   Emergency Management/Continuity of Operations support to MDA leadership through
   the protection of Agency personnel, information, and facilities. This includes the
   capability to prepare for, mitigate, respond to, and recover from man-made and natural
   disasters.

d. International and Policy Directorate International Security Division (MDA/DIS) –
   Manages the review and disclosure of U.S. classified military information (CMI) and
   controlled unclassified information (CUI) to foreign governments and international
   organizations, international visits and assignments to MDA, technology transfer, and
   munitions export/import licensing for all Agency personnel, offices, components, and
   support contractors or organizations that receive funding from MDA. Serves as the MDA
   lead for Committee on Foreign Investment in the United States (CFIUS) case processing
   and reviews Small Business Innovative Research (SBIR) and Small Business Technology
   Transfer (STTR) contracts to determine if work performance is export-controlled.

e. Counterintelligence Division (MDA/DEI-X) – Conducts counterintelligence (CI)
   activities (investigations, operations, collection, analysis and production, and defensive
   functional services) to detect, identify, assess, exploit, penetrate, degrade, and counter or
   neutralize foreign intelligence collection efforts, sabotage, espionage, and terrorist
   activities directed against the MDA, its personnel, information, material, facilities and
   activities. Also serves as the MDA Office of Primary Responsibility to the National and
   DoD CI and Law Enforcement (LE) communities. Integrates CI products, services and
   defensive CI activities into all MDA programs and activities to detect, identify, assess,
   exploit, penetrate, degrade, and counter or neutralize foreign intelligence collection
   efforts, sabotage, espionage, and terrorist activities directed against the MDA, its
   personnel, information, material, facilities and deployed MDS assets worldwide.

f. Special Security Office (MDA/DEI) – Responsible for implementing and administering
   the Defense Special Security System on behalf of the Senior Intelligence Officer. The
   Special Security Office (SSO) manages the planning, design, and construction security of
   new and existing facilities, and enforces Intelligence Community Standards for the
                                Approved for Public Release
                                21-MDA-10929 (18 Aug 21)
                                              4
HQ0858-21-R-0015
                                                                       Attachment J-01 Security and CI SOW

      accreditation, operation, and reciprocal use of these facilities. The Special Security
      Office performs all aspects of physical, personnel, information, information systems, and
      technical security within the accredited spaces. The Special Security Office is also
      responsible for the implementation of DoD Procedures for the Agency’s Personnel
      Security Program, processing all initial and periodic reinvestigations, as well as
      managing suitability cases, continuous evaluation and vetting. Other areas of
      responsibility include the North Atlantic Treaty Organization (NATO) Sub-registry, the
      Trusted Associate Sponsorship System; Pentagon Access; Contractor Equivalent
      Investigations; COE/JWICS Account and Access Control; IC PKI Trusted Agent
      functions; Department of Energy (DOE) Visits; and, participation in the Insider Treat
      Program.

1.3 General Requirements

   a. Non-Personal Services - The Government shall neither supervise contractor employees
      nor control the method by which the contractor performs the required work within the
      hours invoiced for each employee. It shall be the responsibility of the contractor to
      manage its employees and to guard against any actions that are personal services in
      nature, or give the perception of personal services as defined in Federal Acquisition
      Regulations (FAR) 37.104. If the contractor believes that any actions constitute, or are
      perceived to constitute personal services, it shall be the contractor’s responsibility to
      notify the Procuring Contracting Officer (PCO) and Contracting Officer’s Representative
      (COR) immediately.

   b. Business Relations – The contractor shall successfully integrate and coordinate all
      activities needed to execute the requirements. The contractor shall manage the timeline,
      completeness, quality of problem identification, and fraud prevention/reporting (i.e.,
      obligation to ensure expenses charged to the contract are properly accounted for before
      submitting invoices to MDA). The contractor shall provide corrective action plans,
      proposal submittals, timely identification of issues, and effective management of
      subcontractor. The contractor shall seek to ensure customer satisfaction and professional
      and ethical behavior of all contractor personnel in support of the U.S. Government.

   c. This SOW identifies requirements and associated products for the MDA’s Security
      offices and CI Division. Support will sustain the MDS throughout the acquisition life
      cycle as part of engineering activities that enable the MDS to defend regional interests,
      allies, and deployed forces against missile threats.

   d. In execution of this contract, support to DEI-X will use the covering agent concept. CI
      covering agent support is the technique of assigning a primary supporting special agent to
      a program. The special agent will conduct all routine liaison, advice and assistance, and
      integrate CI products and services with the supported program. It ensures detailed
      familiarity with the supported program’s operations, personnel, security, vulnerabilities,
      and, in turn, provides the program with a designated point of contact for reporting matters
      with actual or potential CI nexus.
                                   Approved for Public Release
                                   21-MDA-10929 (18 Aug 21)
                                                5
HQ0858-21-R-0015
                                                                 Attachment J-01 Security and CI SOW

1.4 Reference Documents

   The following documents are applicable to this SOW:

   a. Program Protection:
       DAG-Chapter 9 “Defense Acquisition Guidebook (DAG) Chapter 9 Program
         Protection”
       DoDI 5200.48 “Controlled Unclassified Information (CUI)”
       DoDI 5200-44 “Protection of Mission Critical Functions to Achieve Trusted Systems
         and Networks (TSN)”
       DoDM 5200.01 Vol 1”DoD Information Security Program: Overview, Classification,
         and Declassification”
       DoDM 5200.01 Vol 2 “DoD Information Security Program: Marking of Information”
       DoDM 5200.01 Vol 3 “DoD Information Security Program: Protection of Classified
         Information”
       E.O. 13526 “Executive Order (E.O.) 13526 – Classified National Security
         Information”
       MDA 5200.08-M “Procedures for Protection of Critical Program Information,
         Mission Critical Functions, and Critical Components within the Missile Defense
         Agency”
       MDA Directive 5200.08 “Program Protection within the Missile Defense Agency”
       Executive Order (E.O) 13526 “Classified National Security Information”
       Atomic Energy Act of 1954 “Development and Control Act of Atomic Energy”
       DoDI 5000.02 “Operation of the Defense Acquisition System”
       DODI 5200.39 “Critical Program Information (CPI) Identification and Protection
         Within Research, Development, Test, and Evaluation (RDT&E)”
       DoDM 3305.13 “DoD Security Accreditation and Certification”
       DoDM 5200.01 “DoD Information Security Program: Controlled Unclassified
         Information (CUI)”
       DoDI 5200.48 “Interim Guidance Memorandum (IGM) Controlled Unclassified
         Information (CUI) on Missile Defense Agency (MDA) Acquisitions with
         Commercial Industry”
       EO 12829 “National Industrial Security Program”
       EO 11858 “Foreign Investment in the United States”
       DoDD 2000.25 “DoD Procedures for Reviewing and Monitoring Transactions Filed
         with the Committee on Foreign Investment in the United States (CFIUS)”
       DoDD 5230.09 “Clearance of DoD Information for Public Release”
       DoDD 5400.07 “DoD Freedom of Information Act (FOIA) Program”
       MDA 5200.02-INS “DoD Information Security Program”

   b. Security and Emergency Management:

                                Approved for Public Release
                                21-MDA-10929 (18 Aug 21)
                                            6
HQ0858-21-R-0015
                                                               Attachment J-01 Security and CI SOW

   DoD 5200.01, Volume 3, DoD Information Security Program: Protection of
    Classified Information
   DoD Instruction (DoDI) 2000.12
   DoDI 2000.16
   DoDI 2000.16 Vol 1 and 2
   DoD Minimum Antiterrorism Standards for Buildings and/or Interagency Security
    Committee (ISC) physical security standards
   United States Northern Command (USNORTHCOM) Instruction 10-222
   Unified Facilities Criteria (UFC) 4-010-01
   MDA 5200.01-INS, Physical Security Program
   MDA Security Operations Center (SOC) Standard Operating Procedures and
    applicable sub-annexes and Special Security Instructions (SSIs)
   Chairman Joints Chiefs of Staff (CJCS) Guide 5260, Self-Help Guide to
    Antiterrorism, September 1, 2010
   Joint Publication (JP) 3-07.2, Antiterrorism, November 24, 2010
   UFC 4-010-02, DoD Minimum Antiterrorism Standoff Distances for Buildings
    February 9, 2012 (Note: No longer mandatory but threat driven)
   UFC 4-023-03, Design of Buildings to Resist Progressive Collapse, July 14, 2009
    Change 1 January 27, 2010
   MDA Manual 2000.16, Vol 1, Antiterrorism Program, Antiterrorism Standards,
    January 29, 2021
   (CUI) MDA Manual 2000.16, Vol 2, Antiterrorism Program Implementation: Force
    Protection Condition System, January 29, 2021
   MDA Directive 3000.10, Ballistic Missile Defense System Flight Test Concept of
    Operations, June 20, 2019
   DoDD 3020.40, Mission Assurance, November 29, 2016, Change 1, September 11,
    2018
   DoDI 3020.45, Mission Assurance Construct, August 14, 2018
   National Security Strategy of the United States of America – March 3, 2021 (Interim)
   Robert T. Stafford Disaster Relief and Emergency Assistance Act, November 23,
    1988
   Executive Order 12196 – Occupational safety and health programs for Federal
    employees, February 26, 1980
   Executive Order 12656--Assignment of emergency preparedness responsibilities,
    November 18, 1988
   Executive Order 13375, “Amendment to Executive Order 13295 relating to certain
    influenza viruses and quarantinable communicable diseases,” April 1, 2005
   National Preparedness Goal
   National Security Presidential Directive-51/Homeland Security Presidential
    Directive-20 (NSPD-51/HSPD-20), “National Continuity Policy,” May 9, 2007
   Presidential Decision Directive (PDD) 62, “Protection Against Unconventional
    Threats to the Homeland and Americans Overseas,” May 22, 1998, Declassified
    March 18, 2014
                           Approved for Public Release
                           21-MDA-10929 (18 Aug 21)
                                        7
HQ0858-21-R-0015
                                                              Attachment J-01 Security and CI SOW

   National Incident Management System (NIMS), Last Updated June 22, 2021, but
    latest published is October 2017
   Department of Homeland Security, “National Response Framework,” Last Update
    October 29, 2020
   Federal Emergency Management Agency (FEMA) Guide “National Response
    Framework,” Last Update October 29, 2020
   National Continuity Policy Implementation Plan, August 2007, Federal Continuity
    Directive 1, Issue Date, January 17, 2017, Directive 2, Issue Date June 13, 2017
   National Infrastructure Protection Plan (NIPP), February 2013, NIPP Security and
    Resilience Challenge 2016, 2017, 2018 (Cybersecurity and Infrastructure Security
    Agency)
   National Strategy for Pandemic Influenza (NSPI), November 2005, May 2006
   Homeland Security Council, “National Strategy for Pandemic Influenza
    Implementation Plan,” May 2006, Update 2017, Update 2019
   National Strategy for Pandemic Influenza Implementation Plan (NSPIIP), May 2006,
    (U.S. Department of State 2001-2009)
   National Exercise Program Implementation Plan (NEPIP), 2008, Last Update July 20,
    2020
   Department of Health and Human Services, “HHS Pandemic Influenza Plan”
    November 2005, Last Update 2017
   Federal Manager's Decision Makers Emergency Guide OPM Website December 22,
    2003
   Federal Management Regulation Title 41, Code of Federal Regulations, Part 102-74
    Subpart C (Government Services Administration (GSA) Leased Space and Facilities)
    2012
   Federal Preparedness Circular 60, “Continuity of the Executive Branch of the Federal
    Government during National Security Emergencies,” Circular dated April 30, 2001
   Federal Continuity Directive (FCD) 1, “Federal Executive Branch National
    Continuity Program and Requirements,” February 2008
   HSPD 1, “Organization and Operation of the Homeland Security Council, October
    29, 2001
   HSPD 3, “Homeland Security Advisory System,” March 11, 2002
   HSPD 5, “Management of Domestic Incidents,” February 28, 2003
   HSPD 7, “Critical Infrastructure Identification, Prioritization, and Protection,”
    December 17, 2003
   Presidential Policy Directive (PPD) 8, “National Preparedness,” March 30, 2011
   HSPD 12, “Policy for a Common Identification Standard for Federal Employees and
    Contractors,” August 27, 2004
   FCD 2, “Federal Executive Branch Mission Essential Functions and Candidate
    Primary Mission Essential Functions Identification and Submission Process”, June
    13, 2017
   National Communications System Directive (NCSD) 3-10, “Minimum Requirements
    for Continuity Communications Capabilities”
                           Approved for Public Release
                           21-MDA-10929 (18 Aug 21)
                                        8
HQ0858-21-R-0015
                                                             Attachment J-01 Security and CI SOW

   Homeland Security Exercise and Evaluation Program (HSEEP)
   29 Code of Federal Regulations (CFR) 1910.38 (Exit Routes, Emergency Action
    Plans and Fire Prevention), November 7, 2002
   36 CFR, Part 1236, “Management of Vital Records,” July 1, 2000
   41 CFR, 101.20.103-4, “Occupant Emergency Program,” July 1, 1999
   National Fire Protection Association (NFPA) 1600 Standard on “Disaster/Emergency
    Management and Business Continuity Programs,” 2013 Edition
   National Institute of Standards and Technology (NIST) Special Publication 800-34,
    “Contingency Planning Guide for Information Technology Systems,” June 2002
   NIST Special Publication 800-53, “Security and Privacy Controls for Federal
    Information Systems and Organizations,” Rev 4, April 2013, Includes Updates as of
    January 22, 2015
   Office of Personnel Management, “Human Management Policy for a Pandemic
    Influenza”
   DoDI 3020.42, “Defense Continuity Plan Development,” February 17, 2006
   DoDI 6055.17, “DoD Installation Emergency Management (IEM) Program,” June 12,
    2019
   DoDI 3001.02, “Personnel Accountability in Conjunction with Natural or Manmade
    Disasters,” May 3, 2010
   Army Regulation (AR) 525-27, “Army Emergency Management Program,” March
    29, 2019
   AR 525-13, “Antiterrorism,” December 3, 2019
   JP 3-27, “Homeland Defense,” April 10, 2018
   JP 3-41, “Chemical, Biological, Radiological, Nuclear and High-Yield Explosive
    Consequence Management,” September 9, 2016
   Executive Council on Integrity and Efficiency, “IG's Guide to Evaluating Agency
    Emergency Preparedness,” November 1, 2006
   DoDD 3020.26, “DoD Continuity Policy,” February 14, 2018
   DoDD 5134.9, “Missile Defense Agency,” September 17, 2009
   DoDI 3020.42, “Defense Continuity Plan Development,” February 17, 2006
   Department of Defense, “National Defense Strategy of the United States of America,”
    March 2005
   Department of Defense, “Implementation Plan for Pandemic Influenza,” August 2006
   USNORTHCOM AT Operations Order (OPORD) 05-01B National Response Plan, 6
    May 2005
   JP 3-11 “Operations in Chemical, Biological, Radiological, and Nuclear
    Environments,” 28 October 2020
   JP 3-41 “Chemical, Biological, Radiological, and Nuclear Response,” 9 September
    2016
   DoD Civilian Personnel Management Service Emergency Preparedness and Response
    Guide, May 2007
   OSD 21913-05 – Implementation of the National Response Plan and National
    Incident Management System
                           Approved for Public Release
                           21-MDA-10929 (18 Aug 21)
                                       9
HQ0858-21-R-0015
                                                                  Attachment J-01 Security and CI SOW

      Assistant Secretary of Defense (Health Affairs) Memorandum, “Department of
       Defense Influenza Pandemic Preparation and Response Health Policy Guidance,” 25
       January 2006
      DoD, “Strategy for Homeland Defense and Civil Support,” June 2005

c. International Security:
    Title 22, Code of Federal Regulations, Chapter I, Subchapter M, “International
       Traffic in Arms Regulations (ITAR)” Parts 120-130, [Foreign Relations]
    Title 15, Code of Federal Regulations Chapter VII, Subchapter C, “Export
       Administration Regulations,” Parts 730-774
    National Disclosure Policy-1, “National Policy and Procedures for the Disclosure of
       Classified Military Information to Foreign Governments and International
       Organizations,” [short title: National Disclosure Policy (NDP-1)], February, 14, 2017
    DoDD 5000.01, “The Defense Acquisition System,” May 12, 2003, Incorporating
       Change 2, August 31, 2018
    DoDD 5111.21, “Arms Transfer and Technology Release Senior Steering Group and
       Technology Security and Foreign Disclosure Office,” October 14, 2014
    DoDD 5132.03, “DoD Policy and Responsibilities Relating to Security Cooperation,”
       December 29, 2016
    DoDD 5134.09, “Missile Defense Agency (MDA),” September 17, 2009
    DoDD 5230.11, “Disclosure of Classified Military Information to Foreign
       Governments and International Organizations,” June 16, 1992
    DoDD 5230.20, “Visits and Assignments of Foreign Nationals,” June 22, 2005
    DoDD 5230.25, “Withholding of Unclassified Technical Data from Public
       Disclosure,” November 6, 1984, as amended
    DoDD 5400.07, “DoD Freedom of Information Act (FOIA) Program,”
       April 5, 2019
    DoDD 5530.3, “International Agreements,” June 11, 1987, as amended
    DoDI 2000.25, “DoD Instruction, Procedures for Reviewing and Monitoring
       Transactions Filed with the Committee on Foreign Investment in the United States
       (CFIUS),” August 5, 2010
    DoDI 2040.02, “International Transfers of Technology, Articles, and Services,”
       March 27, 2014, Incorporating Change 1, July 31, 2017
    DoDI 5230.24, “Distribution Statements on Technical Documents,”
       August 23, 2012, Incorporating Change 3, October 15, 2018
    DoDM 5200.01, Volumes 1 through 4, “DoD Information Security Program,”
       February 24, 2012, as amended
    MDA Directive 3204.01, “Small Business Innovation Research and Small Business
       Technology Transfer Programs,” January 12, 2018
    MDA Instruction 2070.01-INS, “Preparation of the Project Security Instruction and
       Security Classification Guide for International Agreements,” August 02, 2018
    MDA Instruction 5230.02-INS, “International Security,” April 3, 2014
    MDA Instruction 5200.02-INS, “Information Security Program,” March 22, 2018
                               Approved for Public Release
                               21-MDA-10929 (18 Aug 21)
                                           10
HQ0858-21-R-0015
                                                                 Attachment J-01 Security and CI SOW

      MDA Instruction 5000.03-INS, “Committee on Foreign Investment in the United
       States; Foreign Ownership, Control, or Influence; and National Interest
       Determination,” July 06, 2018
      MDA Manual 5200.08-M, “Procedures for Protection of Critical Program
       Information, Mission Critical Functions, and Critical Components within the Missile
       Defense Agency,” May 01, 2019
      Deputy Secretary of Defense Memorandum, “Training in International Security and
       Foreign Disclosure Support to International Programs,” October 22, 1999

d. Counterintelligence:
    DoDD 5148.13 Intelligence Oversight
    DoDD 5240.01 DoD Intelligence Activities
    DoDD 5240.02 Counterintelligence (CI)
    DODI 5240.05 Technical Surveillance Countermeasures (TSCM)
    DoDD 5240.06 Counterintelligence Awareness and Reporting (CIAR)
    DoDD 5205.16 Counterintelligence Functional Services
    DoDI O-5240.10 Counterintelligence (CI) in the DoD Components
    DoDI 5240.18 Counterintelligence Analysis and Production
    DoDI S-5240.23 Counterintelligence Activities in Cyberspace
    DoDI O-5240.24 Counterintelligence Activities Supporting Research, Development
      and Acquisition (RDA)
    DoDI 5240.26 Countering Espionage, International Terrorism, and the
      Counterintelligence (CI) Insider Threat
    MDA Cyber Forensics Laboratory (CFL) Standard Operating Procedure (SOP)

e. SSO:
    Security Executive Agent Directive (SEAD) 3, Reporting Requirements for Personnel
      with Access to Classified Information or Who Hold a Sensitive Position
    SEAD 4, National Security Adjudicative Guidelines
    SEAD 8, Temporary Eligibility
    DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP)
    DoD Manual 5105.21, Volume 1, Sensitive Compartmented Information (SCI)
      Administrative Security Manual: Information and Information Systems Security
    DoD Manual 5105.21, Volume 2, Sensitive Compartmented Information (SCI)
      Administrative Security Manual: Administration of Physical Security, Visitor
      Control, and Technical Security
    DoD Manual 5105.21, Volume 3, Sensitive Compartmented Information (SCI)
      Administrative Security Manual: Administration of Personnel Security, Industrial
      Security, and Special Activities
    Intelligence Community Directive 705, Sensitive Compartmented Information
      Facilities
    Intelligence Community Directive 700, Protection of National Intelligence

                              Approved for Public Release
                              21-MDA-10929 (18 Aug 21)
                                          11
HQ0858-21-R-0015
                                                                         Attachment J-01 Security and CI SOW

         IC Tech Spec for ICD/ICS 705, Technical Specifications for Construction and
          Management of Sensitive Compartmented Information Facilities

   f. Travel:
       Joint Travel Regulation (JTR), current version at https://www.defensetravel.dod.mil/
       Synchronized Pre-deployment and Operational Tracker (SPOT), current version at
         https://www.acq.osd.mi/log/PS/spt.html

   Note: Support under this requirement will be completed using the referenced documents
   listed in this section. If any document referenced in this section is replaced or superseded,
   the replacement or superseding document shall be applicable to this SOW unless MDA
   provides other guidance. In addition, while this section provides documents to be used
   completing this requirement, work is not limited to these documents. Other documents may
   be provided by the Government, or required by the Government, for use in supporting this
   requirement throughout the life of the contract.

2.0 Government and Proprietary Information and Non-Disclosure Agreements

2.1 Government and Proprietary Information

   In the performance of this contract, the contractor may be provided access to privileged
   Government information. Government information may include items such as plans,
   policies, reports, studies, financial plans, or data which has not been released or otherwise
   made available to the public. The contractor shall ensure that all such information is
   protected in accordance with any restrictions imposed on such information. The contractor
   agrees that without the prior written approval of the PCO, it shall not:

      1) Use such information for any private purpose unless the information has been
         released or otherwise made available to the public.

      2) Compete for work based on such information after the completion of this contract, or
         until such information is released or otherwise made available to the public,
         whichever occurs first.

      3) Submit an unsolicited proposal to the Government which is based on such
         information after such information is released or otherwise made available to the
         public, whichever occurs first.

      4) Release information unless such information has previously been released or
         otherwise made available to the public by the Government.

   The contractor agrees that, to the extent it receives or is given access to proprietary data,
   trade secrets, or other confidential or privileged technical, business, or financial information
   (hereinafter referred to as "proprietary data") under this contract, it shall treat such

                                    Approved for Public Release
                                    21-MDA-10929 (18 Aug 21)
                                                12
HQ0858-21-R-0015
                                                                        Attachment J-01 Security and CI SOW

   information in accordance with any restrictions imposed on such information. The contractor
   further agrees to enter into a written agreement for the protection of the proprietary data of
   others and to exercise diligent effort to protect such proprietary data from unauthorized use
   or disclosure.

2.3 Non-Disclosure Agreements (NDAs)

   The contractor shall require all employees, and all subcontractor employees at all tiers, to
   sign the Missile Defense Agency Non-Disclosure Agreement (MDA NDA) set forth in
   Section J Attachment 06 within 10 days of employment. The signed forms shall be
   submitted to the PCO and the COR within 10 days of employee signature.

   The contractor shall obtain from each employee under this contract, a written non-disclosure
   agreement (Section J Attachment 06) which shall provide that the employee shall not, during
   his/her employment by the contractor or thereafter, disclose to others or use for their benefit,
   privileged Government information or proprietary data received in connection with the work
   under this contract. The contractor shall educate its employees regarding the philosophy of
   Part 9.505-4 of the FAR so that they will not use or disclose Government information or
   proprietary data acquired in the performance of this contract.

   The MDA NDA is required of all contractor employees and subcontractors supporting under
   this effort; however, there may be additional NDAs required (i.e., Planning, Programming,
   Budgeting and Execution (PPBE)) dependent upon the support required at any given time
   throughout period of performance of the contract. The contractor shall certify completion of
   the MDA NDA requirement and others applicable NDAs for each employee via the Monthly
   Manpower Report (Contract Data Requirements List (CDRL) A004).

3.0 Scope of Work

3.1 Program Protection

3.1.1 Description - The contractor shall provide support to RDA Security, Information
      Safeguards, Matrix Security, and Training and Operations.

3.1.2 Task Details

     a. Support RDA Security in execution and oversight of the Acquisition System Protection
        Program for all established and developing MDA Programs. Prepare staffing positions
        for approval and track through action completion. Support meetings to discuss
        requirements/issues.

         Specifically, the contractor shall:

         1) Support Program Protection Planning and coordination of Program Protection Plan
            (PPP) activities across the MDA. Track program events/milestones to identify
                                    Approved for Public Release
                                    21-MDA-10929 (18 Aug 21)
                                                13
HQ0858-21-R-0015
                                                          Attachment J-01 Security and CI SOW

when planning is required, assist the program office with assembling experts into
integrated product teams (IPTs), facilitate critical program information (CPI)
identification/analysis through the IPT process, identify Horizontal Protection
requirements, and compare other DoD systems CPI through the Acquisition
Security database (ASDB). Provide Software Assurance (SwA) expertise and lead
functions to develop and implement SwA policies and engineering guidelines in
alignment with the Joint Federated Assurance Center (JFAC) “best practices”
throughout the system development life cycle (SDLC). Participate in JFAC and
Trusted Systems and Networks (TSN) activities and working groups and assess
compliance with DoD guidelines and federal law to minimize risk to program
capability. Support the Government lead with conducting MDA Quality, Safety,
and Mission Assurance Assessments and compliance assessments. Support and/or
perform quality or compliance assessments of MDA contractors. Coordinate with
MDA Quality, Safety, and Mission Assurance and/or program offices on all
proposed assessment schedules to determine the level of effort required and suitable
timeframes. Facilitate programs as they conduct criticality analysis (e.g.,
identifying/validating Mission Critical Functions, Critical Components), facilitate
and support program validation of the identified threat and vulnerability, facilitate
and support program validation of the identified SwA threat and vulnerability, and
support associated system security engineering and Anti-Tamper functions.
Provide the Government lead with support of PPP activities for MDA programs.
Identify and prioritize security vulnerabilities discovered by vulnerability analysis
tools and develop appropriate remedial countermeasures in the PPP. Support
program office preparation and approval of the PPP and coordination through the
MDA Engineering Board process. Generate unique CPI training materials when
appropriate. Contractor shall prepare, plan, coordinate, conduct, and provide reports
on supply chain risk assessments at contractor facilities during quality or
compliance assessments. Task includes conducting evaluations of PPPs and
Program Protection Implementation Plans (PPIPs) for compliance and efficiency
and submit evaluation/corrective action reports. Assess PPPs, Plans of Action and
Milestones (POA&Ms), CPI assessments, threat assessments, candidate
countermeasures, vendor plans, purchase orders, subcontracting and documentation.
Evaluate corrective actions to security findings and provide assessment to the
proposed corrective action(s) to the Government lead. Develop and maintain an
approved Program Protection evaluation checklist of items that assessors will use as
a basis to conduct evaluations. The checklist should provide guidance to enable an
objective evaluation as whether MDA contractors are complying with applicable
law, regulations and contracted requirements. Support the Government lead by
assisting in coordinating with Defense Counterintelligence and Security Agency
(DCSA) and MDA program offices and participating in Industrial Security
compliance reviews/inspections at MDA offices and contractor facilities. Prepare
an assessment report for Government lead approval and participate in tracking
corrective actions required to completion.

                      Approved for Public Release
                      21-MDA-10929 (18 Aug 21)
                                  14
HQ0858-21-R-0015
                                                             Attachment J-01 Security and CI SOW

2) Perform contractor Supply Chain Risk Management (SCRM), including Foreign
   Military Sales (FMS) SCRM, functions and coordinate SCRM activities across the
   MDA. Supply SCRM threat support and analysis. Support the Government lead
   with coordinating/facilitating SCRM requests (vendor/component reviews) from the
   program offices, coordinate proposed task with program offices, analyze threats to
   the supply chain, and report Government lead approved SCRM findings to the
   requesting program offices. Identify and coordinate SCRM requirements with
   Acquisition/Industrial Security. Support the Government lead by providing SCRM
   expertise during MDA Quality, Safety, and Mission Assurance Assessments or
   compliance assessments. Participate in JFAC and TSN activities and working
   groups, and assess compliance with DoD guidelines and federal law to minimize
   risk to program capability. Function as the SCRM/TSN Integration Council
   (MSTIC) secretariat by planning, organizing, and scheduling MSTIC meetings,
   developing meeting minutes, and preparing briefings to support executive level
   MSTIC meetings. Assist the Government lead, with execution of element-level
   technical reviews in accordance with (IAW) MDA Instruction 5000.20-INS,
   “Engineering Technical Review Process.” Tasks include reviews of MDA
   Programs’ System Engineering Plan (SEP) and/or System Engineering
   Management Plan (SEMP) to ensure adequate incorporation of Program Protection
   design considerations via the Systems Security Engineering processes. Conduct
   evaluations of additional Program-specific systems engineering considerations
   detailed in each element’s PPP. Attend/support Engineering Working Groups,
   review PPPs and PPIPs, and, support CPI assessments, and threat assessments.

3) Perform Acquisition/Industrial Security functions and coordinate
   Acquisition/Industrial Security activities across the MDA. Assist programs with
   developing, updating, and/or implementing the approved Contract Security
   Classification Specification (i.e., DD Form 254) for classified requirements.
   Analyze and provide updated DD Form 254s for Government approval. Review,
   provide analysis of, and assist with tracking contractor-related industrial security
   incidents. Notify the Contracting Directorate (MDA/CT) and/or DCSA of
   contractor security incidents and report findings via Contract Incident Report.
   Coordinate with DCSA and/or MDA Program Offices to participate in Industrial
   Security compliance reviews/inspections. Develop and maintain an approved
   Industrial/Acquisition inspection protocol/checklist that will objectively evaluate
   whether MDA contractors are complying with applicable law, regulations and
   contracted requirements. Prepare assessment reports for Government approval and
   track corrective actions required to completion. Support the Government lead by
   participating in Industrial Security compliance reviews/inspections at MDA
   contractor facilities. Support the Government lead by providing Industrial/
   Acquisition security expertise during MDA Quality, Safety, and Mission Assurance
   Assessments. Support the Government lead by managing Foreign Ownership,
   Control or Influence (FOCI) efforts for the Agency. Develop and coordinate
   questionnaires, FOCI memorandums, correspondence, and/or National Interest
   Determinations (NIDs) for requirements related to cleared defense contractors
                         Approved for Public Release
                         21-MDA-10929 (18 Aug 21)
                                     15
HQ0858-21-R-0015
                                                                 Attachment J-01 Security and CI SOW

       under FOCI. Retrieve the CFIUS requests from MDA International Security and
       evaluate current MDA contracts for impacts. Prepare staffing positions for
       approval by the Government lead and provide results to MDA International
       Security. Support meetings to discuss requirements/issues.

b. In support of Information Safeguards, the contractor shall assist with orchestrating
   protective measures to safeguard MDS information from loss, compromise, or
   unauthorized disclosure. The contractor shall support implementation of the MDA
   Information Security (INFOSEC) Program IAW DoD, MDA, and other non-DoD
   requirements. The contractor shall engage in activities such as performing analysis,
   developing plans, attending meetings, preparing reports, conducting surveys,
   maintaining and updating databases, and conducting training.

   Specifically, the contractor shall:

   1) Provide INFOSEC Program Support: Perform reviews of draft Preliminary
      Inquiries, recommend document corrections to the Inquiry Official. Coordinate
      with the MDA CERT and Classification Management for reported network
      spillages. Perform Newcomer Orientation Briefings. Assist in the management of
      and providing support to Security Managers as part of the Agency Security
      Manager program. Coordinate Quarterly Security Manager meetings. Coordinate
      scheduling and perform INFOSEC Reviews (IPRs) of program areas; draft
      memoranda for IPR results. Draft memoranda and associated staffing
      documentation for task response packages. Maintain metrics; produce monthly and
      annual Security Incident status reports and completed IPRs. Travel to perform
      IPRs. Monitor the Accountable Mail tracker (AMT) tool and contact senders who
      have classified packages that are showing past due. Perform Document Marking
      Classification Reviews and document the reviews using the MDA Form 100, the
      Program Protection Marking Review Form or forms provided in the tasking. Draft
      INFOSEC related Communication Round Table announcements, portal and kiosk
      banners. Assist in the management of and providing support to the Agency Top
      Secret Control Program. Update task database and file system folders. Maintain
      metrics; produce monthly and annual task metric reports.

   2) Support the administration of the Agency Operations Security (OPSEC) Program:
      Maintain and draft updates as necessary for MDA OPSEC policy documents,
      OPSEC instruction, OPSEC Coordinator handbook, and the MDA Master Critical
      Information List. Provide assistance to and oversight of OPSEC Coordinators in
      developing and implementing their OPSEC programs. Conduct OPSEC
      assessments and assist OPSEC Coordinators with their self-assessments; and, draft
      associated memoranda. Conduct OPSEC coordination meetings. Draft memoranda
      and associated staffing documentation for task response packages. Maintain
      metrics and produce monthly and annual OPSEC status reports. Draft OPSEC-
      related Communication Round Table announcements, portal and kiosk banners as
      part of an OPSEC awareness campaign. Attend installation’s monthly OPSEC
                              Approved for Public Release
                              21-MDA-10929 (18 Aug 21)
                                          16
HQ0858-21-R-0015
                                                             Attachment J-01 Security and CI SOW

   meeting and annual OPSEC awareness day. Draft MDA’s annual OPSEC report.
   Update task database and file system folders. Maintain metrics; produce monthly
   and annual task metric reports.

3) Support the Agency-Wide Declassification Program by performing declassification
   reviews in compliance with requirements and procedures outlined in Executive
   Order (E.O.) 13526, “Classified National Security Information”; the Atomic Energy
   Act of 1954, as amended; and other applicable DoD and MDA policies. MDA
   Declassification reviews are page-by-page, line-by-line declassification analysis on
   MDA classified historical records 25 years or older.

   a) Perform first-level declassification reviews; recommend document disposition
      to second-level reviewers. Enter declassification review results in the Agency
      tracking database (i.e., Data Acquisition Network Interface (DANI)). Preload
      document metadata (e.g., catalog number, pages, title, classification, document
      date) in DANI to facilitate review and duplicate document identification. Assist
      with Special Media Conversion. Research legacy MDA programs and
      recommend declassification program working aid updates.

   b) Perform second-level declassification reviews; recommend document
      disposition to the Government. Enter declassification review results in DANI.
      Attach completed SF 715 to the records. Perform Special Media Conversion.
      Research special media conversion capabilities and recommend equipment
      purchase to the Government. Perform courier duties. Review records located at
      the National Declassification Center (NDC). Research legacy MDA programs
      and update declassification program working aids. Draft Standard Operating
      Procedures (SOPs) for Declassification Review and Special Media Conversion.
      Assist Research Analysts. Assist the Government with declassification
      reviewer training. Review and analyze existing and/or new guidance within the
      declassification community and MDA Security Classification Guides (SCGs);
      identify inconsistencies in the horizontal protection of information, and template
      and format issues. Assist with Records Management of the declassification
      program. Research legacy MDA programs and recommend declassification
      program working aid updates. Draft Declassification policy documents.
      Conduct Records Management of the declassification program. Provide
      Declassification records request training to the MDA workforce. Maintain
      Declassification MDA Knowledge Online (MKO) portal pages. Fulfill records
      requests. Coordinate with the Matrix Support Division to ensure current MDA
      research and development (R&D) programs have access to classified historical
      records pertaining to hypersonic weapon defense, directed energy defense
      weapons, space-based defense weapons, and other applicable R&D efforts by
      MDA predecessor organizations. Return reviewed records and associated SF
      715s to original libraries. Accession records to National Archives and Records
      Administration. Perform courier duties. Update and improve DANI, review

                         Approved for Public Release
                         21-MDA-10929 (18 Aug 21)
                                     17
HQ0858-21-R-0015
                                                             Attachment J-01 Security and CI SOW

       processes and procedures ensuring compatibility with external and internal
       databases (e.g., NDC).

   c) Provide the Government lead with projected monthly and annual review plan
      including cumulative production projections. Provide detailed status updates
      and progress made toward specified goals to review all MDA classified
      historical records on schedule before automatic declassification each calendar
      year. If monthly target is not completed, develop and provide contingency plan
      to meet annual review by end of the calendar year. Provide supervision and
      direction to Declassification/Information Safeguards support team.

4) Support implementation of the Classification Management and Security Review for
   Public Release programs IAW DoD and MDA requirements.

   a) Security reviews supporting public release: Perform reviews of draft documents
      intended for release to the public domain and provided by Public Affairs,
      Business Operations, Congressional Affairs, General Accountability Office
      (GAO)/DoD Inspector General (IG), and Washington Headquarters Services
      Office of Security Review; ensure no classified or CUI is released to the public.
      Draft memoranda of review results. Draft memoranda and associated staffing
      documentation for task response packages, including MDA Form 100s (or
      equivalent) if provided with tasking. Maintain metrics and produce monthly
      and annual task metric reports. Update task database and file system folders.

   b) Security Reviews for Classification: Perform reviews of documents, e-mails,
      videos, and pictures for classification to ensure no classified information is
      released to the public. Draft classification guidance memorandums. Draft
      memoranda and associated staffing documentation for task response packages,
      including MDA Form 100s (or equivalent) if provided with the tasking. Assist
      in the development and staffing of Agency Security Classification guides to
      validate proper format, identify horizontal classification issues, and evaluate
      security classification issues. Draft response to Classification Challenges.
      Draft responses to Classification Determinations. Maintain metrics; produce
      monthly and annual task metric reports. Update Original Classification
      Authority training as needed. Coordinate with Information Security and the
      MDA CERT for reported network spills. Update task database and file system
      folders.

5) Support implementation and management of the MDA Controlled Unclassified
   Information program IAW DoD and MDA requirements.

   a) Security reviews supporting CUI program: Perform reviews of draft documents
      intended for release to outside Agencies to include the public domain and
      provided by Agency Program offices, Business Operations, Congressional
      Affairs, General Accountability Office (GAO)/DoD Inspector General (IG), and
                         Approved for Public Release
                         21-MDA-10929 (18 Aug 21)
                                     18
HQ0858-21-R-0015
                                                                          Attachment J-01 Security and CI SOW

            Washington Headquarters Services Office of Security Review; ensure no
            classified or CUI is released to the public. Draft memoranda of review results.
            Draft memoranda and associated staffing documentation for task response
            packages, including MDA Form 100s (or equivalent) if provided with tasking.
            Maintain metrics and produce monthly and annual task metric reports. Update
            task database and file system folders.

       b) Support CUI Program internal decontrol process coordinating products with the
          originator of the information, or the original classification authority (OCA) if
          identified in a security classification guide. Perform reviews of documents, e-
          mails, videos, and pictures for potential to ensure no CUI is released to the
          public. Draft CUI guidance memorandums. Draft DoD Implementation Status
          Report. Draft memoranda and associated staffing documentation for task
          response packages, including MDA Form 100s (or equivalent) if provided with
          the tasking. Assist in the development and staffing of CUI agency guidance.
          Draft memorandums and information slides for Security Manager training.
          Maintain metrics; produce monthly and annual task metric reports. Coordinate
          with Information Security and the MDA CERT for reported network spills.
          Update task database and file system folders.

c. Matrix Support: The contractor shall provide embedded matrix support to the assigned
   MDA Element, in regards to security matters covered in this statement of work, with
   reach-back support from Core MDA security program offices. Specifically, as
   required, the contractor shall coordinate, synchronize, and assist with administration of
   security matters for the assigned MDA Element consistent with the MDA Matrix
   Management Handbook.

                 MDA Element                                      Location
                                               Dahlgren, VA
    Sea-Based Weapons Systems (AB)
                                               Pacific Missile Range Facility, HI
    Command and Control, Battle
                                               Redstone Arsenal, AL (placeholder)
      Management, and Communications (BC)
    Test Directorate (DT)                      Redstone Arsenal, AL
                                               Redstone Arsenal, AL
    Innovation, Science and Technology (DV)
                                               Kirtland Air Force Base, NM (placeholder)
    Ground-Based Midcourse Defense (GM)        Redstone Arsenal, AL (placeholder)
    Israeli Programs (IP)                      Redstone Arsenal, AL (placeholder)
                                               Redstone Arsenal, AL
    Sensors Program (SN)
                                               Schriever Space Force Base (SFB), CO
    Space Systems (SS)                         Schriever SFB, CO
    Targets and Countermeasures (TC)           Redstone Arsenal, AL
    Terminal High Altitude Area Defense (TH)   Redstone Arsenal, AL

d. Training and Operations: The contractor shall assist in performing and executing all
   Security Operations and Enterprise (O&E) functions and activities.

   Specifically, the contractor shall:
                                Approved for Public Release
                                21-MDA-10929 (18 Aug 21)
                                               19
HQ0858-21-R-0015
                                                                        Attachment J-01 Security and CI SOW

         1) Assist the Training and Operations directorate, supporting requirements, policies,
            and procedures for Program Protection: Integrate and coordinate inputs, products,
            and processes across directorate elements. Coordinate and integrate execution of
            directorate requirements and taskings. Develop, execute, document, and assist in
            the management of key Program Protection core functions, tasks, and system
            engineering processes. Coordinate, integrate, arrange, conduct, and assist in the
            management of day-to-day directorate support functions and mission requirements.

         2) Assist with administering and executing the DoD security education and
            development program: Plan, assess, apply metrics, and develop exams and
            certifications. Assess, integrate, validate, and coordinate internal and external
            security training and operations reports, presentations, project status updates, and
            security management assessments.

         3) Assist with assessing requirements and implementing the Security Professional
            Education Development (SPeD) program.

            a) Prepare the SPeD Implementation Plan and supporting documents. Coordinate
               and secure approval. Update and brief Program Protection on the SPeD
               Program.

            b) Coordinate MDA certification testing and conferral activities, secure approval,
               and update the DoD SPeD Program Office. Prepare and maintain certification
               support material, and distribute to certification candidates. Prepare status
               updates and maintain certification metrics. Track compliance with SPeD
               certification requirements.

            c) Maintain SPeD database at the MKO, Program Protection Division portal.

            d) Develop SPeD Program training plan, secure approval, and conduct training.
               Make recommendations for MDA workforce career development and
               Functional Career Guide update to incorporate SPeD requirements. Develop
               SPeD unique training. Generate SPeD training materials, including using the
               DS Directorate, Visual Information Production Center (VIPC) for reproduction
               requirements. Coordinate with the Director for Operations Human Resources
               office (HR) and provide documentation for participants to receive training credit.
               Upgrade materials based on feedback from training.

         4) Manage SPeD certification within the Government and contractor workforce.

3.2 Security and Emergency Management

3.2.1 Description – The contractor shall support the Agency’s AT/FP, Physical Security, and
      Emergency Management and COOP Programs; and, Test Security.
                                   Approved for Public Release
                                   21-MDA-10929 (18 Aug 21)
                                                20
HQ0858-21-R-0015
                                                                     Attachment J-01 Security and CI SOW

3.2.2 Task Details

     a. In support of the Agency’s AT/FP Program, the contractor shall:

        1) Assist with planning and assessment of the MDA AT Program. Participate in inter-
           and intra-agency collaborative efforts; prepare reports and memoranda. Assist in
           revising existing or developing new policies, plans, procedures and training
           material; and, make recommendations.

        2) Maintain, update and provide AT product related data IAW procedures and policies,
           as well as all reportable AT products IAW DoDI 2000.16 Vol 1and 2, DoDI
           2000.12, and USNORTHCOM Instruction 10-222.

        3) Assist with the review and assessment of construction design drawings, including
           renovation, associated requirements documents, and related technical information
           for regulatory security compliance at MDA Facilities. Assist in the identification of
           AT requirements pertaining to security designs, construction, renovation and/or
           modification of Military Construction (MILCON) projects, General Services
           Administration (GSA) leased facilities, operational and test program sites. Prepare a
           recommended position and/or assessment via memorandum or design comment
           matrix form; coordinate and submit final documents for approval.

        4) Assist with planning, developing, and executing AT CA and VA assessments.
           Document results utilizing the Risk Management Tool Enterprise Protection Risk
           Management (EPRM) and the Mission Assurance Risk Management System
           (MARMS). Develop mitigations for recommendation to MDA leadership to
           reduce risk. Utilize EPRM to develop residual risk after recommended
           mitigations are approved and implemented. Prepare and coordinate CA/VA
           assessments, checklists, and/or comment matrix and/or memorandums IAW DoD,
           MDA host installation and/or USNORTHCOM guidance. Coordinate and submit
           for final approval and transmission.

        5) Assist with executing the MDA AT Self-Assessment Program IAW
           USNORTHCOM AT Benchmarks or MDA approved assessment criteria. The AT
           Self-Assessment encompasses the USNORTHCOM Program Review, Local MDA
           facility annual self-assessments and Higher Headquarters assessments to host
           installations. Engage in Theater, Agency, and/or host installation/facility AT
           Program Reviews. Prepare AT Self-assessment package, coordinate, and submit
           final documents for approval.
            Update, maintain, and assist in executing the MDA AT Level 1 Training
               Awareness Program for the MDA Newcomer’s Orientation Program and Cloud
               Learning Management System (LMS). Provide briefings/materials for training,
               using the DS VIPC for reproduction requirements. Coordinate with HR and
               provide documentation for participants to receive training credit. Upgrade
                                  Approved for Public Release
                                  21-MDA-10929 (18 Aug 21)
                                              21
HQ0858-21-R-0015
                                                                Attachment J-01 Security and CI SOW

       briefings/materials based on feedback from training sessions.
      Conduct monthly and comprehensive annual reviews to analyze and ascertain
       AT Level 1 training completion percentages of MDA personnel at local,
       regional, or agency level, as well as pending requirements. Reviews may be
       tailored to provide specific information to internal or external organizations.
      Prepare monthly training reports to provide complete AT Level 1 training status
       and metrics.
      Develop, deploy, maintain and assist in executing the Active Shooter Awareness
       Program to include preparing Active Shooter training videos, briefings and
       media presentations. IAW DoD policy, perform on-going updates and present
       Active Shooter training during the MDA Newcomer’s orientation executed
       throughout the MDA enterprise.
      Plan, participate, and incorporate active shooter based exercises at all levels as a
       subset of the Agency’s AT Program. These events are to be conducted IAW the
       MDA Executive Director’s guidance on exercise support to MDA FP Program.
      Prepare monthly training reports to provide complete Active Shooter training
       status and metrics.
      Assist in coordinating all exercise activities with the MDA Emergency
       Management and Continuity of Operations Division (DSS-E) for scheduling and
       deconfliction with host installation activities. Provide Master Scenario Events
       List (MSEL) and After-Action Reports (AARs).
      Prepare minutes of “Hot Wash” activities, working papers and final AARs as
       required.

6) Assist with implementing and executing the Random AT Measure Program
   (RAMP) IAW MDA guidelines, including coordinating, distributing, and the
   compilation of results which will be transmitted in the format of a final monthly
   report.

7) Prepare recommended responses to assigned agency taskings regarding protection of
   MDS assets (e.g., TMT or other assigned actions); coordinate, submit response for
   final approval and transmission.

8) Assist in the execution of MDA AT Risk-Assessment process IAW DoDI 2000.16
   or MDA approved assessment criteria. Participate in Theater, Higher Headquarters,
   Agency, and/or host installation/facility annual AT criticality and vulnerability
   assessments when MDA facilities and assets are being assessed. Prepare AT
   criticality and vulnerability assessment inputs and packages for coordination, and
   submit inputs and final documents for approval. Assist in the performance of
   assessments at MDA facilities and assets to ensure compliance with the UFC 4-010-
   01, DoD Minimum Antiterrorism Standards for Buildings and/or ISC physical
   security standards, where applicable. Conduct special event vulnerability
   assessments and draft the associated special event vulnerability assessment reports
   for MDA events on or off-installation where 300 or more DoD personnel will be
                          Approved for Public Release
                          21-MDA-10929 (18 Aug 21)
                                       22
You can also read