Office of the Deputy Chief of Staff G1, Eisenhower Ave Letterhead
DAPE-CPD 03 DEC 2007

Memorandum for Army NAF Human Resources Offices
Subject: Employing Personnel for Army Nonappropriated Fund (NAF) Positions - Security
Requirement for Access to Information Systems

  1. References:
    1. a. Army Regulation (AR) Nonappropriated Fund Personnel Policy, 29 August 2003.
    2. AR 25-2, Information Assurance, 24 October 2007.
  2. This memorandum serves to provide information concerning security requirements for employing United States (U.S.) citizens and non-U.S. citizens in NAF positions and security requirement for access to information systems.
  3. All employees, U.S. citizens and non-U.S. citizens, are required to present applicable documents for verification (bonafide birth certificate, bonafide Social Security card, passport, driver's license, active green card, and visa) as detailed in the instructions for completion of the I-9 Form. Employees must present these documents to the servicing NAF Human Resources (HR) Division at the time of in-processing as proof of eligibility to work in the United States. Additionally, those employees who have been selected to serve in positions of trust (prescribed by the work they perform - see below regarding "Position of Trust") require a National Agency Check (NAC), AR 215-3, 2-13.i.(2)(b).
  4. In accordance with (IAW) AR 25-2, 4-14.a., employees requiring access to information systems to fulfill their duties must possess the required favorable security investigations, security clearances, or formal access approvals, and to fulfill any need to know requirements. There are several types of Information Technology (IT) personnel in Information Assurance (IA) positions. They are defined as follows: IT-I is System Administrator (SA)/Network Administrator (NA) for infrastructure devices or SA's/NAs for classified systems and devices; IT-II is operating system administration of common network applications or enclaves, back-up operators; IT-III is power/end users or a SA on individual systems for configuration; IT-IV are non-IT positions that are temporary, intermittent, season, or summer hire position. The majority of the NAF workforce is comprised of IT-III personnel, although some are Type I or II. (Note: Per AR 25-2, these positions are referred to as IT and IT related positions. This type of position shall be deemed "Position of Trust".)
  5. Security requirements for a non-U.S. citizen are different from the requirements for a U.S. citizen. For U.S. citizen employees, if the position requires access to the local area network and to Army or Department of Defense (DoD) computer systems, it is sufficient for the NAC to have been initiated before access to government systems is granted by the Information Assurance Security Officer (IASO). For non-U.S. citizen employees, if the position requires access to the local area network and to Army or DoD computer systems, favorable completion of a NAC is required before access to government systems is granted. This includes access to the local area network and to Army or DoD computer systems, Defense Civilian Personnel Data System (DCPDS), My Biz (NAF), My Workplace, Standard NAF Automated Contracting System, Recreation Tracking System, Army Civilian Personnel Online, Vacancy Announcement Builder, Fully Automated System for Classification, and other systems.
  6. IAW AR 25-2, 4-14.c., employment of non-U.S. citizens in IT positions should be minimized. However, compelling reasons may exist to grant access to DoD IT resources in those circumstances in which a non-U.S. citizen possesses a unique or unusual skill or expertise that is urgently needed for a specific DoD requirement and for which a suitable U.S. citizen is not available. Written compelling reason justification, documentation in the Certification and Accreditation (C & A) package and Designated Approving Authority (DAA) approval is required.
  7. Non-U.S. citizens may hold IT positions under certain conditions and if the DAA that accredited the system and the data owners approve the assignment requirements in writing. The written approval must be on file and provided as an artifact to the C&A package, before requesting the required investigation. The required investigation must be completed and favorably adjudicated before authorizing access to DoD systems or networks. Interim access is prohibited. Also, individuals occupying an IT position are subject to periodic reinvestigation according to existing contract, labor relations, or personnel security policy. (Non-U.S. citizens accessing government systems require reinvestigation every five years.)
  8. When establishing user accounts for non-U.S. citizen employees, the accounts granting access to government IT assets should be end dated with the date when authorization to work in the U.S. expires. The end date of the account can be entered with a future effective date when the account is created. The NAF HR Division is responsible for notifying the supervisor of the date when the employee's authorization to work in the U.S. is to expire. The same information will have to be provided by the supervisor and the IASO on the System Access Nomination and Authorization Request Form and by the NAF HR Division on the DCPDS Account Request Form.
  9. NAF HR Divisions are required to update the investigation requirements in DCPDS. The type of investigation must be entered in the position record. Both the type of investigation and the date of completion of the investigation must be entered in the People record. The People record may be updated via the appointment Request for Personnel Action or by directly accessing the People record to manually update the two data fields.
  10. NAF HROs should coordinate with activities that employ non-U.S. citizens to assess and validate the continuing need for these employees to access government systems. If access to government systems for non-U.S. citizens is deemed necessary based upon position responsibilities, then the employing organization is required to provide written justification for continued systems access IAW AR 25-2, 4-14. Periodic security reinvestigation is required every five years for non-U.S. citizens whose positions require access to government systems.
  11. The point of contact is Ms. Rena Gwyn, NAF Human Resources Policy and Program Division, (703) 325-7763 or DSN 221-7763.
  12. This memorandum has been coordinated with the Assistant G-1 for Civilian Personnel, Civilian Information System Division.

Nancy J. Hill                                
Acting Chief, Policy and Program
Development Division