TREASURY DIRECTIVE 15-71

DATE: June 30, 2023

SUBJECT: Treasury Security Functions and Programs

  1. PURPOSE.  This Directive designates the Department Cognizant Security Authority (CSA) for the Intelligence Community element, redelegates authorities assigned to the Assistant Secretary for Intelligence and Analysis (A/S I&A), and assigns responsibilities for the personnel, information, physical, and industrial security programs.  This policy authorizes the Treasury Directive Publication (TD P) 15-71, “Treasury Security Manual.”
  2. SCOPE. This Directive applies to all bureaus, offices, and organizations in the Treasury, including the Office of Inspectors General.  The provisions of this Directive shall not interfere with the authorities of the Chief Information Officer (CIO) with regard to cybersecurity or impede the authorities of the Department’s Inspectors General.
  3. RESPONSIBILITIES.
    1. The Deputy Assistant Secretary for Security and Counterintelligence (DAS S&CI).
      1. 1) Establish and implement Treasury-wide security functions and programs, including Treasury’s personnel security, information security, physical security, and industrial security programs in accordance with relevant authorities.
      2. 2) Appoint members of any security appeals panel.
      3. 3) Confirm the need for access to classified national security information (CNSI); designate position sensitivity; make initial and follow-on determinations for: (1) eligibility to access CNSI, (2) eligibility to occupy a sensitive position, (3) suitability or fitness for employment within the Department as a government employee or contractor, and/or (4) authorization to be issued a Federal credential; grant access to CNSI upon confirming both need and eligibility for access and upon signature of a non-disclosure agreement; and suspend, deny, or revoke access to CNSI, authorization to be issued a Federal credential, and/or eligibility to occupy a sensitive position for the following positions:
        1. a) all presidential appointees in the Department requiring confirmation by the Senate, the Inspector General, and the Treasury Inspector General for Tax Administration to the extent of the Department's authority with respect to these officials; and
        2. b) heads of bureaus and their first deputies.
      4. 4) Establish and implement the Treasury Directive Publication (TD P) 15-71, Treasury Security Manual, including approval of new and revised Department security policy contained therein.
      5. 5) Serve as the principal advisor to the Under Secretary for Terrorism and Financial Intelligence, the A/S I&A, and other senior officials with respect to Treasury security programs and functions.
      6. 6) Represent Treasury on interagency committees, including serving as the liaison to other Federal agencies concerning security matters. Redelegation of this responsibility need not be in writing.  
      7. 7) In accordance with Intelligence Community Directive (ICD) 700, Protection of National Intelligence, the DAS S&CI is designated the Department’s CSA and serves as the Intelligence Community element authority for all aspects of security program management for the protection of national intelligence and intelligence sources, methods, and activities.  This designation may not be delegated.  As the CSA the DAS S&CI will:
        1. a) Establish and implement TD P 15-03, “Treasury Intelligence Information System Security Policy Manual,” this includes the approval of new and revised Department security policy therein. This includes the review and approve new or revised bureau issuances implementing and/or supplementing TD P 15-03; and prior to approving, submit such issuances to the Assistant Secretary for Management in their capacity as the Senior Agency Official for Privacy and Chief Privacy and Civil Liberties Officer, to review and approve for privacy and civil liberties impacts.
        2. b) Act for Departmental Offices (DO) with respect to the Intelligence Information System Security Program.
    2. The Director, Office of Security Programs (OSP).  The following authorities of the A/S I&A are redelegated to the Director, OSP:
      1. 1) Manage Treasury’s personnel security, information security, physical security, and industrial security programs including defining its operating functions, prescribing uniform procedures, and overseeing standardized implementation and compliance across Departmental Offices and bureaus.
      2. 2) Grant eligibility to access sensitive compartmented information (SCI) and control Treasury employees’ access to other executive agencies’ SCI programs under Executive Order (E.O.) 13526; except where that responsibility is reserved for the DAS S&CI per section 3a(1)(g), unless otherwise delegated.
      3. 3) Confirm the need for access to CNSI, confirm position sensitivity designated by the bureaus, and make initial and follow-on determinations for: (1) eligibility to access CNSI, (2) eligibility to occupy a sensitive position, (3) suitability or fitness for employment within the Department as a government employee or contractor, (4) authorization to be issued a Federal credential; and suspend, deny, or revoke access to CNSI, for all bureau security officer positions as well as any official with delegated authority to make initial and follow-on determinations for Treasury personnel regarding: (1) eligibility to access CNSI, (2) eligibility to occupy a sensitive position, (3) suitability or fitness for employment within the Department as a government employee or contractor, and (4) authorization to be issued a Federal credential.
      4. 4) Is the Accrediting Official for the construction, accreditation, re-accreditation, de-accreditation, and oversight of Treasury Sensitive Compartmented Information Facilities.  The Director may further delegate this decision authority, with the approval of the CSA, while retaining overall responsibility for such decisions.
      5. 5) Is the principal advisor to the DAS S&CI with respect to carrying out all applicable security responsibilities under E.O.s, Presidential Decision Directives, National Security Directives, and other applicable national policy directives.
      6. 6) Update and maintain TD P 15-71 and DO and Departmental security guidance, with DAS S&CI approval.
      7. 7) Develop, maintain, and publish standards and procedures for DO’s operational security programs.
      8. 8) Coordinate with the Department of Energy on all matters pertaining to clearances for access to information designated "Restricted Data" or "Formerly Restricted Data" pursuant to the Atomic Energy Act of 1954, as amended.
      9. 9) Develop and compile annual reports, including accounting for costs of implementing E.O. 13526, required by Information Security Oversight Office (ISOO) and the Security Policy Board, and serves as liaison to those entities.
      10. 10) Develop and compile annual reports on security functions as required by law, Executive Order, or national policy and oversight entities.
    3. Heads of offices and bureaus and the Inspectors General (IG).  The heads of offices and bureaus and the IG shall:
      1. 1) Direct and administer their office or bureau’s security programs and functions in accordance with TD P 15-71, Treasury Security Manual, and/or as directed by the DAS S&CI or Director, OSP.
      2. 2) Ensure the OSP is provided with access to information within the offices’ and bureaus’ area of administrative control, as directed by the Director, OSP, as necessary to facilitate management of Treasury’s personnel security, information security, physical security, and industrial security programs, and to identify, analyze, and resolve related security matters.
    4. Heads of offices and bureaus that electronically process, store, produce, and communicate foreign intelligence information
      1. 1) Implement TD P 15-03;
      2. 2) Submit new or revised bureau security issuances including, but not limited to, directives, regulations, handbooks, or publications implementing or supplementing TD P 15-03 to the CSA for review and approval prior to publication and implementation; and
      3. 3) Review existing bureau issuances for compliance with TD P 15-03 and submit to the CSA if revised or rewritten.
  4. IMPLEMENTATION. The Department’s security policies, procedures, minimum requirements, and standards shall be codified in TD P 15-71, which shall be binding on all Treasury offices and bureaus.  Office and bureaus are not precluded from applying more stringent internal policies, procedures, requirements, or standards where necessary to accomplish their mission, so long as they are consistent with those in the Security Manual and applicable law and national policy.  Any changes to TD P 15-71 shall be formally coordinated with Treasury offices and bureaus for review and comment prior to issuance.
  5. AUTHORITIES.
    1. 31 U.S.C. § 312(a)(4)
    2. Intelligence Community Directive 700
    3. Treasury Order 102-17, “Delegation of Authority Concerning the Personnel Security Program”
    4. Treasury Order 102-20, “Delegation of Authorities Concerning the Information Security Program”
    5. Treasury Order 105-21, “Delegation of Authority Concerning the Industrial Security Program and Representation at the Interagency Security Committee”
  6. CANCELLATION. Treasury Directive 71-10, Department of the Treasury Security Manual of August 23, 1999; and Assistant Secretary for Intelligence and Analysis Memorandum, Designation of Cognizant Security Authority of July 6, 2020, are cancelled.
  7. OFFICE OF PRIMARY INTEREST. Office of the Assistant Secretary for Intelligence and Analysis.

     

/S/
Shannon Corless
Assistant Secretary for Intelligence and Analysis