Zero-Based Security Review (ZBSR)

Case Studies

The Challenge

Identifying opportunities for the restructuring of the current regulatory and oversight framework.

The Solution

Conduct a comprehensive review of the current regulatory and oversight framework in order to eliminate fragmentation, reduce costs, and promote security improvements in the Nuclear Security Enterprise.  The Zero-Based Security Review of the entire physical security program consists of the evaluation of:

  • Protective Force Operations focusing on efforts to improve the effectiveness and efficiency of the field protective force operations.
  • Security Policy Implementation focusing on improving the National Nuclear Security Administration's (NNSA’s) ability to seamlessly implement a streamlined set of policy expectations.
  • NNSA Federal Management and Oversight focusing on creating consistent management and oversight mechanisms to guide our field safeguards and security contracting operations.

The restructured security implementation approach is being linked to clear performance expectations that are integrated into the Federal oversight and assessment process. The end-product of this element of the ZBSR will be the development of NNSA-specific policy implementation instructions covering all security topical areas (program planning and management, protective force, physical security, information protection, personnel security, nuclear materials control and accountability, and cyber security). The key factors and/or principles being used in the process are:

  • Fully implement risk management principles to focus on risk acceptance within the broader security program; the goal is to achieve a broader consensus on the acceptable level of risk for our field program.
  • Adopt a “first principles” approach to policy development: eliminate non-value-added policy requirements, focus on fundamental security rules and procedures, and use cost/benefit analysis as part of the policy implementation process.
  • Evaluate the potential for using a “threat-based” approach to implementation guidance that clearly identifies the objectives of the security program and ties policy requirements to security controls that directly counter the threat.
  • Evaluate a more centralized safeguards and security program management, execution and evaluation program that recognizes that the nature of the direct funding approach dictates a shared (Headquarters and field) acceptance of risk and responsibility for security program results.
  • Conduct a government-wide assessment/analysis of security policies and procedures. Identify best practices and adopt them within the NNSA policy framework.

CTAC’s Role

CTAC subject matter experts partnered with the NNSA Office of Defense Nuclear Security and field safeguards and security staff evaluating protective force requirements, physical security requirements, and Federal oversight practices and processes.  The review focused on identifying meaningful and achievable opportunities to improve the way NNSA implements security policies, procedures, and programs.
