BY ORDER OF THE AIR FORCE INSTRUCTION 31-703
SECRETARY OF THE AIR FORCE 7 FEBRUARY 1994
Security
PRODUCT SECURITY
____________________________________________________________________________________________________
This instruction implements AFPD 31-7, Acquisition Security. It provides guidance for protecting Air Force products at defense contractor facilities. It applies to each organization that acquires, modifies, or contracts for maintenance of Air Force products. It does not address the physical protection of conventional arms, ammunition, and explosives at contractor facilities; security of classified components; security of nuclear materials, or Key Assets protection.
SUMMARY OF CHANGES
This is the initial publication of AFI 31-703.
1. Product Security (PRODSEC) Goals. The goal of PRODSEC is to protect weapon or space systems at contractor facilities. These facilities may be government-owned, contractor-operated (GOCO), or contractor-owned, contractor-operated (COCO). Products may need protection at contractor facilities because they are highly valuable or unique, or because their loss may endanger the public. PRODSEC:
- Reduces the government's risk as a self-insurer.
- Makes the product less vulnerable to ground threats, including terrorism.
- Reduces the risk of product tampering or destruction.
2. PRODSEC Procedures:
- Establish whether acquisitions or products undergoing maintenance or modification require PRODSEC, following the guidelines in the security paragraph of the Operational Requirements Document (ORD).
- Make a preliminary decision on PRODSEC requirements, publishing the decision in the program management directive.
- Use current intelligence and threat information in making decisions.
- Balance the cost of security against the cost of destruction or loss of the product.
- Use risk analysis to establish PRODSEC requirements.
- Participate in program protection planning as required by AFI 31-701, Program Protection Planning.
3. PRODSEC Responsibilities:
3.1. The Chief of Security Police, (HQ USAF/SP) 1340 Air Force Pentagon, Washington DC 20330-1340, formulates, distributes, and interprets policy for the PRODSEC Program.
3.2. Headquarters Air Force Materiel Command, Office of Security Police, HQ AFMC/SP, 4225 Logistics Avenue, Suite 21, Wright-Patterson Air Force Base OH 45433-5760, provides an Air Force training program for security personnel who will oversee the acquisition process.
3.3. The MAJCOM security police office is the office of primary responsibility (OPR) for PRODSEC. The OPR helps program managers apply PRODSEC by:
- Reviewing mission need statements and ORD.
- Reviewing plans for system modifications.
- Helping requirements and contracting personnel plan for PRODSEC.
____________________________________________________________________________________________________
OPR: HQ AFMC/SPX (Mr Richard Liebsack) Pages: 6/Distribution: F
Certified by: HQ USAF/SP (Brig Gen Stephen C. Mannell)
3.4. System Program Directors or Program Managers:
- Plan for PRODSEC during the acquisition of all products.
- Evaluate the need for PRODSEC during the engineering and manufacturing development phase (Phase II) and during planning for system modification or maintenance.
- Make sure contracting officers specifically address PRODSEC in the contract when necessary. In those cases the contractor must list all proposed costs for security in the contract.
- Review the physical security plans of offerors to make sure they meet solicitation requirements.
- Inform the contracting officer of the results of the review and recommend specific changes to the security plan in the solicitation.
- Have the acquisition security specialist conduct PRODSEC surveys when necessary.
- In contracts using PRODSEC, stipulate that the contractor report incidents involving the product to the responsible Contract Administration Office, the Cognizant Security Office, and the acquisition security specialist.
3.5. Security specialists help apply PRODSEC by:
- Requiring PRODSEC only when it is cost-effective.
- Tailoring PRODSEC to the individual contractor facility.
- Preventing duplicate or excessive security requirements and costs.
- Working with the program office and the contracting office to specify which PRODSEC requirements to include in solicitations and contracts. The PRODSEC guide in attachment 1 will help.
- Evaluating plans received from offerors in response to solicitations.
- Conducting PRODSEC surveys at the request of the system program director or program manager.
- Reviewing contractors' responses to problems identified in PRODSEC surveys.
- Recommending corrective action to the contract administration office when a survey reveals a security problem.
- Helping the program offices on security matters as necessary.
- Ask the supporting major commands (MAJCOM) security police (SP) office for guidance when no trained acquisition security specialist is available.
3.6. The Aeronautical Systems Center Acquisition Security Directorate oversees the application of PRODSEC, including the conduct of surveys, at Air Force plants (GOCO).
3.7. The Defense Contract Management Command International (DCMCI) administers contracts for overseas depot operations. DCMCI coordinates PRODSEC surveys among security specialists; the HQ AFMC/SP, DCMCI Security Office; and the overseas command security police office.
4. PRODSEC Surveys. The purpose of initial and follow-on surveys is to evaluate the adequacy of physical security measures outlined in the contract. The surveys are not used to evaluate the contractor's compliance with industrial security requirements for protection of classified materials.
4.1. Make sure PRODSEC surveys are cost-effective. Do not conduct surveys where there are other means of evaluating physical security. Where physical security requirements are minimal, the security program director or program manager may authorize the contractor to perform a survey. In these cases, the contractor provides written certification of PRODSEC at the facility.
4.2. Acquisition security specialists conduct pre-award surveys. Use the survey to:
- Make sure the contractor can meet the requirements identified in the solicitation.
- See whether the contractor has satisfied the requirements by participating in the Industrial Security Program or some other security program such as Sensitive Compartmented Information or Special Access Required.
- Evaluate the contractor's security plan and physical security measures.
4.2.1. If the survey identifies problems in the contractor's program, recommend corrections to the contract administration office to include in the contract.
4.2.2. Conduct an initial survey not later than 12 months after the contract is awarded. Conduct follow-on surveys at 2-year intervals unless the program manager decides that additional surveys are not cost-effective.
4.3. Notify the contractor and the contract administration office of a proposed survey.
4.4. Use attachment 2 as a guide to format and distribute survey reports and attachment 3 for a list of Defense Contract Management Districts (DCMD). Keep a copy of the most recent survey in the security office supporting the program.
4.5. Acquisition security specialists evaluate corrections that the contractor proposes. If corrective action seems inappropriate, the program office and contracting officer concerned must recommend further action.
5. PRODSEC Reporting. Reporting procedures are exempt from licensing according to AFI 37-124, Management and Control of Information Reports Requirements (formerly AFR 4-38).
6. Acronyms Used:
COCO Contractor-Owned, Contractor-Operated
DCMCI Defense Contract Management Command International
DCMD Defense Contract Management Districts
DCMDI Defense Contract Management Districts International
GOCO Government-Owned, Contractor-Operated
MAJCOM Major Commands
OPR Office of Primary Respon-sibility
ORD Operational Requirements Document
PRODSEC Product Security
SP Security Police
- STEPHEN C. MANNELL, Brig General, USAF
- Chief of Security Police
3 Attachments
1. PRODSEC Guide
2. PRODSEC Surveys
3. Defense Contract Management Districts (DCMD)
PRODSEC GUIDE
This is a sample security guide with physical security criteria you need to consider for application to a particular program. Each program is different, so tailor the security guide to the product. Avoid excessive security costs where threat is low or where the product is not critical. Use AF Form 2519, All Purpose Checklist, to incorporate this listing or one you have specifically designed when you conduct a survey. Attach it to the survey report.
Protection Tools Adequate
YES/NO
1. Contractor Physical Security Plan.*
2. Contingency Plan (emergency operations).*
3. Operating Instructions.*
4. Post Instructions.*
5. Holding area boundary barrier. (1)
6. Holding area boundary lights.
7. Holding area warning signs.*
8. Holding area entry controller. (2)
9. Holding area internal lights.
10. Holding area entry point lights.
11. Holding area internal patrol. (3)
12. Holding area internal circulation controls.*
13. Positive product access controls.*
14. Holding area armed response.
15. Holding area badge system.
16. Intrusion detection system.
17. Security force communications.*
18. Security force training.*
19. Centralized security force control.*
20. Positive identification system.
21. Key and lock controls.*
_________
(1) Walls of rooms or buildings may serve as the area boundary. Otherwise, Type A fence is preferred.
(2) Rooms and buildings may automate entry.
(3) Except rooms and buildings.
- These elements should be considered as minimum requirements, but may be omitted if the system program director or Program Manager is willing to accept the risk.
PRODSEC SURVEYS
This attachment outlines procedures for documenting a PRODSEC survey. Use attachments 1 and 2 as a guide for conducting the survey. Include completed copy of attachment 1 as the last page of the report.
A2.1. Completing the Survey Report:
A2.1.1. Cover Page:
- Address: On the "TO" line, write the DCMD to whom the report will be sent. On the "FROM" line, write the name and address of the office conducting the survey.
- Type of Survey: Indicate Pre-Award, Initial, Follow-on, Special Request, or One-Time.
- Type of Facility: Indicate GOCO or COCO.
- Contractor: Write the name and address of the facility surveyed and the contract number of the applicable contract.
- Products: List the products manufactured at the facility.
- Dates of Survey.
- PRODSEC in Contract.
- Persons Conducting Survey.
- Signature Element: The senior person conducting the survey signs this block.
- Copies To: Insert offices and activities as required.
A2.1.2. Continuation Pages. Summarize each observation. Point out earlier observations that have not changed since the last survey.
- Remarks and Continuation Pages: Summarize security requirements specified in the contract, and include a Threat/Vulnerability Assessment:
- Describe significance of product value.
- Summarize hostile intelligence threat.
- Summarize local criminal environment.
- Describe threat posed to the product(s) by criminal elements, vandals, anti-military groups, dissident groups, and terrorists.
- Summarize local police and law enforcement support or agreements.
A2.1.3. Physical Security Requirements. Briefly describe requirements and adequacy of what exists. This narrative should match the completed PRODSEC Guide (attachment 1) attached as the last page of the report. If an item from this guide is not required at the surveyed facility, indicate "N/A" in the "Adequate" block.
A2.1.3.1. Identify unsatisfactory conditions as observations in the report. Recommend corrections when appropriate but bear in mind that only the contracting officer responsible for the existing contract can give direction to the contractor.
A2.2. Distributing the Survey Report. Address the report as attachment 3 instructs. Distribute additional copies to the program office requesting the survey, the appropriate MAJCOM/SP, and other agencies the survey official identifies.
DEFENSE CONTRACT MANAGEMENT DISTRICTS (DCMD)
This is a list of DCMDs to which you should address PRODSEC Survey Reports. Consult DLAH 4105.4, DoD Directory of Contract Administration Services Components, to determine the various contract administration offices reporting to districts and DCMCI. Using "I" in the office symbol directs the report to the security representative, except in the case of DCMCI
(Defense Contract Management District International).
Defense Contract Management Defense Contract Management
District South (DCMDS-I) Dist. North Central (DCMDC-I)
805 Walker Street O'Hare Int. Airport
Marietta, GA 30060-2789 Chicago, IL 60666-0475
(404)429-6411/DSN 697-6411 (312)694-6001, DSN 930-6011
Defense Contract Management Defense Contract Management District West
(DCMDW-I) Dist. Northeast (DCMDN-I)
222 N. Sepuleveda 495 Summer St.
El Segundo, CA 90245-4320 Boston, MA 02210-2184
(213)335-4400/DSN 972-4400 (617)451-3406, DSN 955-4306
Defense Contract Management Defense Contract Management
District Mid-Atlantic (DCMDM-I) Command Int (DCMCI-DI)
2800 S. 20th Street Wright Patterson AFB OH 45433
Philadelphia, PA 19101-7478 (513)257-4022, DSN 787-4022
(215)952-4000/DSN 444-4000