1、NPR 1620.2 Physical Security Vulnerability Risk Assessments| NODIS Library | Organization and Administration(1000s) | Search | NASA Procedural RequirementsThis Document Is Uncontrolled When Printed.Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct
2、 version before use. NPR 1620.2 Effective Date: July 15, 2004Expiration Date: July 15, 2009Responsible Office: Office of Security except classified national security information (CNSI) and nuclear and chemical materials.b. This physical security vulnerability risk assessment procedure supports NASA
3、Center management in meeting the responsibility of protecting NASAs assets in a cost-effective manner. It is designed to assist security officers in carrying out their responsibilities in support of management and the NASA Security Program. The results of the physical security vulnerability risk ass
4、essment shall be used to determine the appropriate level of protection needed to safeguard these resources adequately and economically. c. The level of security adopted shall be based upon applicable physical security measures and security procedures contained in NPR 1600.1 and 1620.3. The results o
5、f the physical security vulnerability risk assessment are to be used to satisfy the requirements of Homeland Security Presidential Directive (HSPD)-7: “Identification, Prioritization, and Protection of Critical Infrastructure and Key Resources“; and Presidential Decision Directive (PDD) 62: “Combati
6、ng Terrorism.“d. When completed, the results of the physical security vulnerability risk assessment and mitigation plans shall be classified as administratively controlled information (ACI), at a minimum. For critical assets designated as mission-essential infrastructure (MEI), classification at the
7、 CONFIDENTIAL or SECRET level must be considered based on local threat and criticality of the asset. The Center Chief of Security (CCS) shall exercise final authority for designation of classification level.e. The overall purpose of this NPR and its sister document, NPR 1620.3, “Security Standards f
8、or NASA Facilities and Property,“ is to establish a permanent baseline physical security posture for each assessed asset based on its criticality and identified vulnerabilities. Thereafter, it is expected that subsequent changes in threat indicators could require the CCS to implement temporary secur
9、ity measures designed to address “real-time“ changes in local threat response.f. This assessment tool is a living document, and will, from time to time, be updated to ensure its continued application and viability.g. Terms, abbreviations, and acronyms used in this NPR are explained in Chapter 10 of
10、the parent document, NPR 1600.1, “NASA Security Program Procedural Requirements.“P.2 ApplicabilityThis NPR is applicable to NASA Headquarters and NASA Centers, including Component Facilities. Address comments regarding this NPR to the Director, Security Management Division (DSMD), Office of Security
11、 Management and Safeguards, NASA Headquarters, Washington, DC, 20546. Refer questions concerning the application of these standards at NASA Centers to the appropriate NASA Center Security Office.P.3 Authoritya. 42 U.S.C. Section 2473(c)(1), National Space Program.http:/nodis3.gsfc.nasa.gov/displayAl
12、l.cfm?Internal_ID=N_PR_1620_0002_ and (2) paramilitary/militia (anti-Government) groups. Paramilitary CONUS based terrorist groups have historically included such groups as anti-government militia and white separatists groups. (d) Activists/Protesters. Activists/protesters category is provided in bo
13、th the “insiders“ and “outsiders“ designator. This category considers extremists as well as the traditional protest groups capable of having interest in disrupting or otherwise impacting NASA operations. “Insiders“ are considered individuals supportive of, http:/nodis3.gsfc.nasa.gov/displayAll.cfm?I
14、nternal_ID=N_PR_1620_0002_Includes over 10000 rounds of ammunition and/or explosives.Includes weapons over 9mm.5http:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (23 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted wit
15、hout license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Risk Assessments2.3.4.13. Relative value of research activity and associated facilities. Relative value of research activity as an asset is based on the type and sensitivity of the research and the type and criticality of the facil
16、ity. Evaluate relative v , alu e of the se assets using Table 2-17.Table 2-17Relative Value of Research Activity and Associated FacilitiesAsset CategoryValueRatingFactorResearch is basic in nature. 1Research activity is sensitive in nature. 3Research activity is highly sensitive and/or classified in
17、 nature. 52.3.4.14. Relative value of people as assets. Relative value of people as assets is evaluated based on the number of people present in the area being assessed because establishing a monetary value for human lives is impractical. Separate scales are provided for mission-critical and high-ri
18、sk personnel and the general population to account for basic differences in their relative value. Further consideration of the relative importance of people is accounted for in their mission criticality to NASA and the user. Evaluate relative value of the human asset using Table 2-18 and using the m
19、ost appropriate scale for the asset being assessed.Table 2-18Relative Value of People as AssetsProbable Level of OccupancyValueRatingFactorhttp:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (24 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction
20、or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Risk AssessmentsNumber of mission-critical or high-risk personnel in facility is likely to befewer than three or general population in facility is likely to be fewer than 10.1Number of mission-critical or
21、 high-risk personnel in facility is likely to begreater than or equal to 3 and fewer than 10 or general population in facility islikely to be greater than or equal to 10 and fewer than 30.2Number of mission-critical or high-risk personnel in facility is likely to begreater than or equal to 10 and fe
22、wer than 20 or general population in facility islikely to be greater than or equal to 30 and fewer than 60.3Number of mission-critical or high-risk personnel in facility is likely to begreater than or equal to 20 and fewer than 30 or general population in facility islikely to be greater than or equa
23、l to 60 and fewer than 100.4Number of mission-critical or high-risk personnel in facility is likely to be greaterthan or equal to 30 or general population in facility is likely to be greater than 100.52.4 Establishing an Asset Value RatingEstablish the value rating for assets using the results of ev
24、aluating the individual value rating factors. Sum the numerical values associated with the four applicable factors (NASA mission criticality, user mission criticality, replaceabilty, and relative value) and then compare the sum to the ranges of sums in Table 2-19. Select a resultant value rating of
25、very low, low, medium, high, or very high. Enter the applicable sum and value rating in the spaces provided on NASA Form 1713 (Risk Level Worksheet). Continue the assessment procedure by proceeding to Chapter 3. Table 2-19Asset Value Rating Sum of Value Rating Factors Value Ratinghttp:/nodis3.gsfc.n
26、asa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (25 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Risk Assessments0 to 56 to 910 to 1314 to 1718 to 20Very Low (
27、VL) Low (L) Medium (M) High (H) Very High (VH) CHAPTER 3: Likelihood Determination Process3.1 Measurement of Likelihood3.1.1. The likelihood that a given aggressor will attempt to compromise an asset is evaluated using the likelihood rating factors below. These factors measure the value of the asset
28、 to the aggressor. The first three factors are as follows:a. Asset profile.b. Asset usefulness to aggressor.c. Asset availability.3.1.2. The second three factors measure the history of or potential for incidents. These factors are as follows:a. Local incidents in the past.b. Regional incidents in th
29、e past.c. Potential for future incidents.http:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (26 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Ri
30、sk Assessments3.1.3. The last three factors measure the vulnerability of the asset. These factors are weighed to emphasize vulnerability because usually only the vulnerability of an asset can be changed through security measures. The assets value to an aggressor and the history of or potential for i
31、ncidents are difficult to control. Weighing the likelihood factors related to vulnerability allows the user of this procedure to decrease the risk level through applying security measures. These vulnerability factors are as follows:a. Asset accessibility.b. Effectiveness of, and compliance with, sec
32、urity/law enforcement requirements.c. Other physical security deterrence measures.3.2 Evaluation Procedure3.2.1. Selection of applicable aggressors. Use Table 3-1 to determine the aggressors that have potential to be a threat to the asset. Eliminate those that are known not to be a threat at the loc
33、ation being assessed. Enter a check mark for each applicable aggressor in the spaces provided on NASA Form 1713 (Risk Level Worksheet).3.2.2. Evaluate likelihood of aggression. For each potential aggressor, evaluate each of the nine likelihood rating factors using the applicable likelihood rating ta
34、bles in paragraph 3-3. Use Table 3-2 to determine which likelihood rating tables apply for each asset category. Select the entry from each of the applicable likelihood rating tables that most closely applies to the aggressor and the asset. Record the numerical values for the likelihood rating factor
35、s for each aggressor in the appropriate spaces on NASA Form 1713 (Risk Level Worksheet).3.2.3. Establish likelihood ratings. Refer to requirement in paragraph 3-4.Table 3-1Potential Aggressors Selection TableAsset CategoryPotential Aggressor1 2 3 4 5 6A. Aircraft and components at aviation facilitie
36、s.and/or test facilities. X X X X X Xhttp:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (27 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Risk A
37、ssessmentsB. Vehicles /components at motor pools and/orwatercraft at docking facilities.X X X X X XC. Petroleum, oils, and lubricants (POL). X X X X X XD. Launch and/or mission control facilities. X X X X E. Controlled medical substances and othermedically sensitive items.X X F. Communications facil
38、ities (includes trackingstations).X X X X G. Individual Information Technology systems,super computing systems, data centers.X X X X X XH. Facilities engineering supplies and constructionmaterial.X X X X I. Rocket engine, wind tunnels, simulation, and otherhigh speed testing facilities and equipment
39、.X X X X J. Research facilities. X X X X XK. Spacecraft (Shuttle, ISS) X X X X XL. Experimental animal subjects and associatedlaboratories.X X X M. Visitor centers and display facilities. X X X X N. Miscellaneous pilferable assets. Includeshand-held precision tools. Lap-top computers.X X X X O. Miss
40、ion-critical or high - risk personnel. X X X X XP. Administrative support facilities. X X X X X XQ. Industrial and utility equipment. X X X X X R. Precious metals/materials. X X X X S. Arms, ammunition, and explosives (AA&E) X X X X Xhttp:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_00
41、02_&page_name=all (28 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Risk AssessmentsKey:1. Thieves2. Criminal Groups3. Vandals4. Activists/Protesters5. Foreign Nationals6. Terro
42、ristsTable 3-2Likelihood Rating Factor Table Applicability Asset Table NumbersApplicable Table NumbersA. Aircraft and components at aviation or testfacilities. 3-33-11a*3-213-73-223-8 3-9 3-10B. Vehicles/components at motor pools orwatercraft moored at docking facilities.3-33-11a*3-213-73-223-8 3-9
43、3-10C. Petroleum, oils, and lubricants (POL).3-33-12a*3-213-73-223-8 3-9 3-10D. Launch and/or mission controlfacilities.3-33-13a*3-213-73-233-8 3-9 3-10E. Controlled medical substances and othermedically sensitive items.3-33-18a*3-213-73-233-8 3-9 3-10F. Communications facilities (includes trackings
44、tations).3-33-18a*3-213-73-233-8 3-9 3-10http:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (29 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NPR 1620.2 Physical Security Vulnerability Ri
45、sk AssessmentsG. Individual Information Technology systems,super computing systems, data centers.3-33-14a*3-213-73-233-8 3-9 3-10H. Facilities engineering supplies andconstruction materials.3-3b*a*3-213-7c*3-8 3-9 3-10I. Rocket engine, wind tunnels, simulation,and other high-speed test facilities an
46、dequipment.3-33-15a*3-213-73-233-8 3-9 3-10J. Research facilities.3-33-18a*3-213-73-233-8 3-9 3-10K. Spacecraft (Shuttle, ISS).3-33-16a*3-213-73-223-8 3-9 3-10L. Experimental animal subjects and associatedlaboratories.3-33-17a*3-213-73-223-8 3-9 3-10M. Visitor centers, display facilities/material3-3
47、b*a*3-213-7c*3-8 3-19 3-10N. Miscellaneous pilferable assets. Includeshand-held precision tools. Lap-top computers3-3b*a*3-203-7c*3-8 3-9 3-10O. Mission-critical or high-risk personnel.3-33-193-63-203-73-233-8 3-9 3-10P. Administrative support facilities.3-33-203-63-213-73-223-8 3-9 3-10Q. Industria
48、l and utility equipment.3-3b*a*3-203-7c*3-8 3-9 3-10R. Precious metals/materials.3-33-18a*3-213-73-233-8 3-9 3-10S. Arms, ammunition, and explosives (AA&E)3-33-19a*3-213-73-233-8 3-9 3-10http:/nodis3.gsfc.nasa.gov/displayAll.cfm?Internal_ID=N_PR_1620_0002_&page_name=all (30 of 45) 06/24/2005 2:59:09 PMProvided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
