NATO Sub-Registry

US Facilities Performing on NATO Contracts

U.S. cleared facilities bidding on NATO contracts will need to have their facility clearance verified via government channels. Requests should be submitted by the NATO Agency to dcsa.iab@mail.mil. After contract award, Defense Counterintelligence and Security Agency (DCSA) will issue a NATO Facility Security Clearance Certificate (NFSCC) to the appropriate NATO Agency and notify the contractor. A U.S. facility qualifies for a NFSCC if it has an equivalent U.S. Facility Clearance Level and its personnel have been briefed on NATO procedures.

The NATO Contracting Agency will typically provide security requirements in the form of a NATO Security Aspects Letter. When a facility has a need to safeguard NATO Secret information and above on a continuing basis, in performance of the contract, they are required to be established as a NATO control point (NCP) under the DCSA Sub-Registry.

DCSA Sub-Registry

DCSA is recognized as the NATO Sub-Registry responsible for establishing cleared contractor facilities, with a direct NATO Agency contract as a NCP, to ensure compliance and accountability of NATO classified information.

NATO Control Point  

A NCP is a controlling office, subordinate to the Sub-Registry, responsible for receiving, recording, handling and distributing NATO documents to personnel in the facility which it serves.

If your facility enters into a contract, directly with a NATO Agency, as the prime, and are required to safeguard NATO Secret and/or above, you will need to be established as a NATO Control Point.

Establishment Process

Facilities will notify the Sub-Registry at dcsa.stanag@mail.mil and their Industrial Security Representative upon NATO contract award.
The Sub-Registry will schedule a telephonic interview with the facility to discuss the below items to determine the need for establishment.

  • Contract(s)
  • Security requirements
  • Performance location
  • Inventory

The Sub-Registry will issue a formal notification upon establishment of the facility. The NCP is only valid until the end of the contract. The NCP can be extended upon contract extension and/or additional direct NATO contracts, that require safeguarding, are obtained.

NATO Control Point Officer 

A primary, and at least one alternate control officer, shall be appointed to manage the security requirements of the NATO program for the NCP.
Some key responsibilities:

  • Notify the Sub-Registry upon contract extensions, termination or awards.
  • Maintain a current DAAG Form 29-1 signatory list.
  • Maintain records for personnel accessing NATO classified information.
  • Maintain log of accountable NATO classified information.
  • Conduct inventory of all NATO classified information and submit the report annually.
  • Periodically spot check NATO classified information.
  • Report loss, compromise or suspected compromise of NATO classified information.
  • Prepare document receipt and destruction certificate, for all NATO classified maintained, reproduced, or when transferring accountability.
  • Confirm reproduction of NATO classified information is essential to mission accomplishment.

NATO Control Point Inspections

The Sub-Registry will conduct an onsite review of the NCP, on a 24 month cycle, to ensure compliance with the established NATO classified material control and accountability procedures.

Inventory

Cosmic Top Secret, NATO Secret, and all ATOMAL: Receipts and logs shall be maintained on the receipt, disposition, destruction, and dispatch. All inventory is required to be spot-checked on a routine basis.  NATO classified information shall be returned upon the completion of the contract unless written permission is obtained.

NATO Secret destruction certificates are required to be maintained for 5 years. All Cosmic Top Secret and ATOMAL must be returned to the Central U.S. Registry (CUSR) for destruction.

Annual inventories and destruction certificates must be submitted by the end of the calendar year to the Sub-Registry at: dcsa.stanag@mail.mil for compilation into the annual Muster Report provided to the CUSR.

For additional information, reference the 32 Code of Federal Regulations (CFR) 117.19 (g) NATO Information Security Requirements.

Disestablishment Process

NCP officers must notify the Sub-Registry upon contract termination or when there is no longer a need to safeguard NATO Secret and above. Destruction certificates and accountability receipts are required to be submitted at time of notification. The Sub-Registry will formally provide a disestablishment letter upon receipt of all requirements.