12 FAM 420


(CT:DS-302;   08-24-2018)
(Office of Origin:  DS/IP)


(CT:DS-291;   03-07-2018)

a. Regional security officers (RSOs) report to the chief of mission (COM) at Foreign Service posts for the establishment and operation of Department security policies and programs abroad.

b. The RSO or post security officer (PSO) and their staff are subject to the administrative direction of the COM or principal officer (PO) in countries assigned, or where they are detailed on official temporary duty (TDY).

c.  The deputy chief of mission (DCM) is the direct supervisor and designated rating officer for the senior RSO at post.  The COM is the designated reviewing officer for the senior RSO.  RSOs rate their immediate subordinates and the DCM serves as the reviewing official.  At constituent posts, RSOs report directly to and are rated by the PO.  The senior RSO in country is the reviewing officer (see 3 FAH-1 H-2813.3).

d. While posted overseas, when reporting information to Diplomatic Security (DS) headquarters, all RSOs report to the principal deputy assistant secretary for Diplomatic Security and director of the Diplomatic Security Service (DS/DSS) through the International Programs Directorate (DS/IP) or the High Threat Programs Directorate (DS/HTP), as assigned.


12 FAM 422.1  General

(CT:DS-268;   03-02-2017)

a. The RSO is a U.S. Foreign Service Diplomatic Security service special agent serving abroad at an embassy, mission (e.g., Geneva and all international organization posts), or consulate.  RSOs are responsible for implementing and managing the Department’s security and law enforcement programs, other than law enforcement responsibilities under the authority of the Office of Inspector General (see 1 FAM 050), for a geographic region, which includes at least one Foreign Service post.  An RSO is resident at a particular post and may have constituent posts within his or her region for which he or she is responsible.  PSOs are U.S. Foreign Service personnel whom the COM or PO designates to manage security programs at posts that do not have a resident RSO (see 12 FAM 423.5).  RSOs or PSOs are responsible for overseeing the day-to-day management of security programs at their resident and constituent posts.

b. The RSO’s responsibilities and duties are enumerated in 12 FAM 422.2 through 12 FAM 422.5.  In accordance with 2 FAM 110, the COM may reassign some specific elements to other post personnel.  If a COM changes an RSO’s duties, the RSO must notify his/her respective Office of regional directors (DS/IP/RD or DS/HTP/RD).

12 FAM 422.2  Security Directives

(CT:DS-291;   03-07-2018)

a. RSOs and PSOs must provide briefings on specific security regulations, procedures, and techniques to all employees at post, in order to maintain a high level of employee security awareness.  See 12 FAM 424 for types of security briefings.

b. RSOs and PSOs issue, with the approval of the COM, security directives (signed by the current COM or PO) that give detailed written instructions and/or reminders of security policies and procedures.  Required security directives include:

·         Access control policy;

·         Mission firearms policy;

·         Travel policy;

·         Post emergency notification system (PENS) and other emergency preparedness information;

·         Post policies for handling and securing classified information, and post's Security Incident Program;

·         Walk-ins/asylum seekers;

·         Transportation security;

·         Contact reporting policy;

·         Residential security policy; and

·         Personnel recovery policy

    NOTE:  Security directives do not take the place of security notices routinely issued by the RSO or PSO and post management to address post-specific non-policy issues, such as weekly radio checks, street closings and traffic patterns, or temporary changes to access control procedures.  In coordination with post management and the consular section, RSOs assist in the preparation of security messages (see 7 FAM 000 Appendix A).

c.  Security directives that include prohibitions should describe the prohibited activity and the consequences of a violation (e.g., severe disciplinary action up to and including removal from the post).  See 3 FAM 4377, List of Disciplinary Offenses and Penalties, which identifies the offense of “violations of other security regulations, guidelines, or instructions” and penalties ranging from “a letter of reprimand to removal.”  Post security directives must include the consequences of violating the mandatory post security policy as they relate to 3 FAM 4377.

d. Security directives should highlight the responsibility of all supervisors to ensure full compliance.  As established in 3 FAM 4127, Personal Security Practices, supervisors and managers should ensure employees have access to useful information, Department policies, and guidance concerning their personal security responsibilities.  They must ensure they do not impose working conditions such as strict adherence to arrival and departure times that keep employees from maximizing their personal security responsibilities.

e. Security directives must instruct all members of the mission to report any known or suspected violations to the RSO or appropriate supervisor.  Post briefs all current employees concerning their obligation to report any known or suspected violations of post security directives to the RSO, their supervisors, the deputy chief of mission (DCM), or the COM.  The RSO or PSO includes this statement in his/her briefings for all incoming personnel.  Both current employees and incoming personnel must acknowledge in writing they have been briefed on their responsibility to report violations of post security directives.

f.  Security directives should outline a procedure for seeking exception to the directive.  The employee must request, in writing, the written approval of the COM for any exception to mandatory post security directives.

g. Security directives should remind all mission personnel of their personal security responsibility for their own and others' security.  Post must ensure all personnel are briefed and provided a personal security self-assessment Checklist.

12 FAM 422.3  Reporting Security Incidents

(CT:DS-270;   03-23-2017)

a. RSOs and PSOs must immediately report all incidents (e.g., threats and attacks; actual or possible demonstrations directed at U.S. persons or the embassy; planned or actual kidnapping of a U.S. diplomat; Marine security guard (MSG) or local guard force problems/issues; and/or other life/facility protection issues) that could adversely affect a post’s security status, to the responsible RSO if the reporter is a PSO, and to DS/IP or DS/HTP, as assigned.  In certain situations it will be appropriate to notify the DS command center and/or report a security incident via the DS SPOT report system.

b. Security incidents involving the possible or actual compromise of classified information (see 12 FAM 550 and 12 FAM 590) must be reported within 24 hours of discovery to the Program Applications Division (DS/IS/APD).  Reporting a possible or actual compromise of classified information must be submitted directly via the Investigative Management System (IMS).

(1)  Upload form OF-117, Notice of Security Incident, as it is received or initiated, and form OF-118, Record of Incident, in IMS as soon as it is fully processed DS/IS/APD.  The RSO or PSO must inform DS/IS/APD if the form OF-118 completion date is expected to occur more than 30 days from the date of the incident (12 FAM 553).

(2)  Cable reporting is not acceptable.  RSOs should retain the original forms at post as an OIG inspectable item for three years.  Do not forward hardcopy documents via diplomatic pouch to DS/IS/APD.

c.  All reports must be submitted via IMS.  Refer to the DS/IS/APD website for detailed instructions regarding processing security incidents.

12 FAM 422.4  DS and DSX Channels—General Guidance

(CT:DS-291;   03-07-2018)

a. DS channel-captioned messages provide control over communications between DS and the RSO or PSO on highly sensitive security matters and must be used only for this purpose.  The strictest need-to-know principle applies to such communications.  The need-to-know principle does not relieve the security officer of the obligation to keep the COM or other responsible officers informed on matters of official interest, relating to personnel or operations of any post, under the general supervisory jurisdiction of the COM.  Since cable distribution is appropriately restricted to specified DS personnel, sharing such information with the COM should, when possible, be personally conveyed to preclude disclosure to others (see 5 FAH-2 H-443).

b. The DS channel is used for cables between the RSO and DS HQ concerning:

(1)  Criminal investigations involving U.S. citizens or foreign nationals who are not U.S. government employees;

(2)  Special protective equipment; and

(3)  Other sensitive subjects the drafter deems should be restricted to DS personnel at posts or within the Department.

c.  RSOs or PSO must ensure Information Programs Center (IPC) distribution is in accordance with 5 FAH-2 H-443.  The Executive Director for Diplomatic Security (DS/EX) authorizes access to DS channel message traffic at the DS headquarters level.  This caption may only be used laterally in the field.  ASEC is the only TAGS used on DS channel message traffic.

d. The channel for DS very sensitive information (DSX) is used for cables between RSOs and DS HQ concerning:

(1)  Criminal and special investigations involving U.S. citizens, U.S. government employees, or DS employees;

(2)  Counterintelligence investigations;

(3)  Adverse personnel security actions;

(4)  Investigations concerning spouse or child abuse;

(5)  Confidential sources;

(6)  Undercover operations; and

(7)  Other sensitive subjects the drafter deems highly restricted.

e. RSOs must ensure IPC distribution is in accordance with 5 FAH-2 H-443.  The domestic operations directorate authorizes access to DSX channel message traffic.  This caption may be used laterally in the field.  ASEC are the only TAGS used on DSX message traffic:

(1)  Overseas:  DSX channel access is limited to the RSO, one special agent back-up (deputy regional security officers (DRSO) or senior assistant regional security officers (ARSO) and the assistant RSO-investigators (ARSO-I), where posted.  Access overseas is limited to DS special agents.

(2)  Domestically:  Access and distribution are limited to supervisory personnel in investigative offices and the Deputy Assistant Secretaries for International Programs (IP), High Threat Programs (HTP), and threat investigations and analysis (TIA), and limited other personnel, as required.

(3)  More information on DSX channel, uses, and access can be found at 5 FAH-2 H-443.

12 FAM 422.5  Other Responsibilities and Duties

(CT:DS-302;   08-24-2018)

a. The RSO’s other responsibilities and duties include, but are not limited to:

(1)  Serving as the focal point at the post for programs to protect U.S. classified and sensitive information, facilities, and personnel from terrorism, weapons of mass destruction, hostile foreign intelligence activity, and criminal acts;

(2)  Monitoring and inspecting the security programs at constituent embassies, missions or consulates, and providing comprehensive training and planning guidance to RSOs and PSOs at these posts through periodic visits and exchanges of correspondence; and

(3)  Managing the regional security office, including the supervision of any assigned personnel including, but not limited to:

·         DRSO's;

·         ARSO's;

·         DS special agents or other personnel TDY to the RSO;

·         ARSO-I;

·         Security engineering officers (SEO) at an Engineering Services Office;

·         Security technical specialists (STS) at a Technical Security Office;

    NOTE:  SEO, STS and SEABEE staff at an engineering services center (ESC) are supervised by the responsible SEO in charge of the ESC, not the RSO

·         Security protective specialists (SPS);

·         MSGs (see 12 FAM 430);

·         U.S. Navy seabees;

·         Foreign Service national investigators (FSNIs) (see 12 FAM 423.7);

·         Local guard forces (LGFs) under a personal services agreement (PSA) (see 12 FAM 460 and 12 FAH-7);

·         Bodyguards;

·         Office management specialist (OMS) staff;

·         Surveillance detection specialists;

·         Alarm technicians;

·         Residential security coordinators; and

·         Contract background investigators

(4)  Maintaining official liaison with host-country, third-country, and U.S. intelligence, security, and law enforcement organizations to conduct exchanges of current terrorist, counterintelligence, and criminal investigative data, and coordinate post defensive security programs and planning;

(5)  Interpreting and reporting information of security significance developed through host-country liaison activity;

(6)  Serving as a member of the embassy Emergency Action Committee (EAC), other pertinent committees, and the country team, providing security insight to other members based upon information received through foreign liaison and specialized knowledge of security policies or programs;

(7)  Establishing and managing, where required, a special security program for the personal protection of the COM and other U.S. officials targeted by terrorist groups, closely monitoring all available intelligence to determine the need for changes in operational protective tactics and techniques;

(8)  Arranging and providing protective security coverage, host-country security liaison, and other services for U.S. VIP visits and conferences within the region;

(9)  Developing, as the COM or PO may direct, the security portion of post's Emergency Action Plan (EAP) to address security issues including terrorist attacks, weapons of mass destruction, internal defense, riots, coups, and demonstrations;

(10) Reporting emergency preparedness training and drills, and promoting knowledge of post's EAP;

(11) Continually assessing the vulnerability of resident and constituent posts to terrorism and hostile foreign intelligence information-gathering activities, and adjusting post's defensive counterintelligence and/or counterterrorist planning and programs;

(12) Reviewing current and near-term intelligence, post reporting, and local news reporting on political, military, security, and intelligence developments in the region to identify security concerns;

(13) Preparing and coordinating comprehensive threat assessments for use by the Department and post, including revising assessments when receiving intelligence information, significant incidents occur, or conditions in country change (e.g., a sharp increase in crime);

(14) Performing defensive counterintelligence and insider threat training and awareness functions and coordinating activities involving U.S. officials or Locally Employed (LE) Staff who are targeted by hostile intelligence services;

(15) Maintaining current knowledge of tactics and techniques used locally by hostile intelligence services;

(16) Participating in the post counterintelligence working group (CIWG);

(17) Conducting, when directed by DS headquarters or the COM, investigations of allegations or occurrences involving violations of U.S. criminal law or U.S. government regulations by Government employees, in accordance with 12 FAM 220;

(18) Conducting the equivalent of Tier 5 background investigations, under the standards set forth under the Federal Investigative Standards, of all applicants for third-country national and LE Staff positions within the limits imposed by existing liaison agreements with the host government and as local conditions permit.  This includes making maximum use of host-country investigative records or resources, when possible, to ensure the fullest development of investigative leads and evaluating all information developed as a basis for the issuance or denial of a security certification for employment (see 3 FAM 7222);

(19) Conducting the equivalent of Tier 5 background investigations, under the standards set forth under the Federal Investigative Standards, of all contract employees, within the limits imposed by existing liaison agreements with the host government and as local conditions permit, and/or reviewing suitability investigations conducted by contractors on their employees; evaluating all information developed as a basis for the issuance or denial of a security certification for employment (see 3 FAM 7222);

(20) Conducting the equivalent of Tier 5 reinvestigations on all LE Staff and contract employees, under the standards set forth under the Federal Investigative Standards, within the limits imposed by existing liaison agreements with the host government and as local conditions permit on a 5-year cycle and evaluating the results for the purpose of issuing or denying a security recertification for employment (see 3 FAM 7222 and 12 FAH-7 H-136 and H-137);

(21) Conducting security surveys of U.S. government-owned/leased facilities at resident and constituent posts to include mission office buildings and residences used by COM personnel and their dependents and, as necessary, identifying vulnerabilities/deficiencies (if any) and recommending physical and/or technical security changes or improvements revealed by such surveys, to the COM as necessary; coordinating the implementation of all approved and proposed projects until completed; and modifying internal defense planning concepts, as necessary, to incorporate improved physical and/or technical security features;

(22) Designing, implementing, and managing post’s Local Guard Program (LGP) (see 12 FAM 460);

(23) Implementing, and managing post’s Residential Security Program (RSP) (see 12 FAM 330);

(24) Providing professional security advice to all personnel of U.S. country team elements at post, whether permanently assigned or sent abroad on a temporary duty (TDY) basis, who are under COM authority, their accompanying eligible family members (EFMs), and members of household (MOHs).  In conjunction with 12 FAM 424.3, the RSO should develop and make available general security handout information including, but not limited to:

(a)  RSO contact information;

(b)  Personal protective measures;

(c)  Crime statistics;

(d)  Terrorist threats;

(e)  Traffic accident procedures;

(f)   Safeguarding sensitive and classified material (see 12 FAM 424.5); and

(g)  Counterintelligence threat and security reporting requirements as appropriate and within applicable security clearances (see 12 FAM 260 and 12 FAM 270).

(25) Formulating and conducting education and training programs pertinent to the conduct of post information security programs and ensuring adherence to Foreign Service and other pertinent U.S. government security regulations;

(26) Investigating and reporting to DS/IS/APD all instances of possible information and cyber security incidents (see 12 FAM 550 and 12 FAM 590);

(27) Serving as the mission focal point for the general oversight and coordination of special security programs managed by DS offices;

(28) Coordinating the conduct of technical surveillance countermeasures inspections at posts with the Office of Security Technology (DS/C/ST), the regional engineering services center (ESC), and, if resident, the post SEO;

(29) Establishing, supporting, and managing country councils for the Overseas Security Advisory Council (OSAC);

(30) Coordinating the passage of threat information to the U.S. private sector on issues affecting the safety and security of U.S. businesses, non-governmental organizations, faith-based organizations, and academic institutions at a level commensurate with host-country threat conditions;

(31) Providing professional security advice and unclassified security threat briefings to administrators of schools that enroll dependents of U.S. government direct-hire employees;

(32) Where appropriate at the post, serving as the contracting officer’s representative (COR) for LGs and residential security contracts;

(33) Designing, implementing, and managing post’s Surveillance Detection Program (SDP) (see 12 FAM 480 and the Surveillance Detection Management and Operations Field Guide, Version 2, dated 2002);

(34) Creating, updating, and distributing appropriate emergency contact information to all personnel of U.S. country team elements at the post, whether permanently assigned or sent abroad on a TDY basis, who are under COM authority; and their accompanying EFMs and MOHs.  At a minimum, emergency contact information should include local police, fire and ambulance, post one, the RSO, embassy duty officer (if available), and embassy operator phone numbers.  This information should be distributed in a durable and convenient method such as a laminated reference card or similar method.  In addition, in coordination with the General Services Office (GSO), the RSO must provide guidance and information on immediate actions in case of a vehicular/traffic accident (translated where appropriate).  This information must also be distributed in a durable and convenient method.

(35) Conducting background investigation leads on all employees, applicants, and contractors at the direction of the Office of Personnel Security and Suitability (DS/SI/PSS) and within the limits imposed by existing liaison agreements with the host government; and

(36) Performing additional duties as directed by a COM or DS headquarters.

12 FAM 422.6  Use of the Polygraph in Vetting Locally Employed (LE) Staff at Special Conditions Posts

(CT:DS-268;   03-02-2017)

Refer to 12 FAM 251 for guidance on use of the polygraph in vetting locally employed staff.

12 FAM 422.7  RSO and PSO Systems Security Responsibilities

(CT:DS-291;   03-07-2018)

a. RSOs and PSOs work closely with the information systems security officer (ISSO) at post (see 12 FAM 610) on systems security issues and have specific responsibilities for:

(1)  Ensuring all personnel with access to a classified system have an appropriate security clearance;

(2)  Coordinating briefings with the ISSO for system users upon their arrival at the post, concerning the security considerations of classified systems;

(3)  Issuing form OF-117, Notice of Security Incident, for security incidents on the system based upon either the RSO’s or ISSO’s investigation;

(4)  Periodically checking alarm systems that protect computer equipment to ensure proper functioning; and

(5)  Conducting or verifying the security clearances of local vendor personnel who service system components.

b. Pursuant to their role as the overall manager for security at the post, RSOs or PSOs must also provide the ISSO with guidance and/or information regarding:

(1)  Department prohibition on processing classified security information on an unclassified system;

(2)  Physical and equipment security measures;

(3)  Security processing for staff and maintenance employees with access to an automated information system;

(4)  Identification of a secure storage area for backup copies of system data files and software;

(5)  Suspected incidents of fraud or manipulation of data on a system, the unauthorized disclosure or the destruction of data, or the personal use of system resources; and

(6)  Coordination and monitoring of the conduct of periodic security indoctrination and training sessions for personnel assigned to the post.


12 FAM 423.1  Post Needs

(CT:DS-291;   03-07-2018)

a. Posts are encouraged to identify breaks in security personnel staffing that may require temporary duty (TDY) coverage.  Posts must direct their requests for TDY security personnel to DS/IP/RD or DS/HTP/RD.  RSOs must notify their respective DS/IP - DS/HTP regional director at least two months prior to any anticipated absences.

b. DS/IP and DS/HTP do NOT provide TDY RSO support for RSO personnel who need to take home leave, military leave, annual leave, or R&R.  Exceptions to this policy are considered solely on a case-by-case basis for posts experiencing unique and ongoing hardships/circumstances and unanticipated emergencies or contingency situations.

c.  DS may, on a case-by-case basis, consider TDY RSO support to cover gaps in excess of 30 days if:

(1)  An unmanageable staffing gap emerges in connection with a permanent change of station (PCS) transfer to a priority staffing post (PSP);

(2)  Prolonged medical leave is required;

(3)  There is no other DS special agent or trained PSO at post.  Site security managers (SSMs) directly support the Bureau of Overseas Buildings Operations (OBO) and should not be counted on to serve as a back-up RSO;

(4)  There are current, significant and ongoing threats or crime conditions at post;

(5)  The request is received with sufficient lead time to permit an orderly selection and briefing of the TDY replacement; and

(6)  Sufficient funding for the TDY RSO is available.

d. DS/IP or DS/HTP must notify the Counterintelligence Division (DS/ICI/CI) of significant breaks in security personnel staffing at critical human intelligence (HUMINT) threat posts, and coordinate requests for TDY support from those posts with DS/ICI/CI (see 1 FAM 260).

12 FAM 423.2  Deputy Regional Security Officer (DRSO)

(CT:DS-268;   03-02-2017)

a. For some RSOs, DS/IP/RD or DS/HTP/RD may approve (with the concurrence of DS/DSS) the establishment of a DRSO position.  The DRSO is DS special agent with prior overseas RSO or ARSO experience and reports to the RSO.

b. DRSO responsibilities and duties are similar to those of an RSO.  DRSOs are usually assigned to posts with a large (three or more) number of DS special agents and serve as their rating officer.

c.  In the absence of the RSO, the DRSO assumes the position of acting regional security officer.

12 FAM 423.3  DS Special Agent (SA)/Assistant Regional Security Officer (ARSO)

(CT:DS-268;   03-02-2017)

The ARSO is a DS special agent and supports the RSO and the DRSO in managing all elements of the post’s security programs (all duties and responsibilities identified in 12 FAM 422 – Security Officer).  The ARSO reports directly to the RSO and the DRSO (if such a position is established at the post).  The ARSO serves as acting RSO when the RSO and DRSO are absent from post.

12 FAM 423.4  Assistant Regional Security Officer for Investigations (ARSO-I)

(CT:DS-268;   03-02-2017)

a. ARSO-Is, operating in concert with the Overseas Criminal Investigations Division (DS/ICI/OCI), work together with the consular section to protect the integrity of the international passport and visa system, and disrupt criminal and terrorist mobility by working with host nation law enforcement to combat the production and use of fraudulent travel and identity documents.

b. ARSO-Is conduct criminal investigations relating to passport and visa fraud at U.S. missions by:

(1)  Maintaining effective liaison with the consular section’s management and staff;

(2)  Establishing and maintaining effective liaison with U.S. government law enforcement agencies at post;

(3)  Establishing and maintaining effective liaison with local police, immigration, airline, and other travel officials;

(4)  Informing DS/ICI/OCI of investigative activities through spot reports, investigative incident reports (IIRs), and regular monthly status reports (MSRs);

(5)  Participating, as requested, in regular fraud prevention training sessions and briefings for consular officers, locally-hired staff, and local authorities; and

(6)  Developing and sharing fraud trends and vulnerabilities with consular staff and DS/ICI/OCI intelligence.

12 FAM 423.5  Post Security Officer (PSO)

(CT:DS-268;   03-02-2017)

a. Most tasks assigned to PSOs are similar to those assigned to RSOs, but are limited in scope because PSOs are not DSS special agents, and do not have law enforcement authority.

b. The COM must designate each PSO in writing and send a copy of the memorandum to the RSO who has regional responsibility for the post.

c.  When determining who to designate as the PSO, the COM should consider what other duties FSOs at post may be required to do during emergency events as part of their core assignment duties and which FSOs are best positioned in the course of their regular assignment to take on the additional tasks listed below.

d. PSOs should successfully complete the DS PSO training before they are assigned to PSO positions.

e. PSO duties consist of:

(1)  Administering post security policies and procedures;

(2)  Administering the security incident program;

(3)  Providing arrival and departure briefings to all U.S. employees and their dependents;

(4)  Reporting threats and other post security situations to the RSO;

(5)  Conducting special investigations as requested and directed by the RSO;

(6)  Conducting investigations of LE Staff applicants in accordance with existing liaison agreements with the host government and submitting results to the RSO;

(7)  Serving as the contracting officer's representative (COR) for local guard and residential security contracts, when assigned;

(8)  Managing the LGP and supervising local guards hired under personal services agreements;

(9)  Maintaining liaison with host-country officials and post officials;

(10) Formulating and coordinating emergency plans and conducting drills;

(11) Conducting physical security surveys on proposed new-lease or purchased residential and/or official building properties, as directed by the RSO; and

(12) Managing and supervising the post’s surveillance detection program.

12 FAM 423.6  RSO Office Management Specialist (OMS)

(CT:DS-268;   03-02-2017)

U.S. citizen employees may be hired or assigned as RSO office management specialists (OMS) at posts where there is a resident RSO.  OMS personnel perform many specialized tasks not typically performed by other OMSs and are knowledgeable about security policies and procedures.  In addition to having requisite office management skills, RSO OMSs are also responsible for:

(1)  Typing specialized reports such as the security survey reports, investigative reports, security incident reports, and quarterly status reports;

(2)  Organizing briefings and recording required attendance;

(3)  Tracking and maintaining records pertaining to security infractions and violations;

(4)  Assisting with RSO ID and access control programs;

(5)  Disseminating threat information and information regarding policy changes; and

(6)  Answering questions and resolving minor security problems in the RSO’s absence.

12 FAM 423.7  Locally Hired FSN Investigators (FSNI)

(CT:DS-268;   03-02-2017)

a. FSNIs work in the security office and perform a variety of tasks that support the entire security program abroad primarily by:

(1)  Providing expertise concerning the language, culture, and customs of the host country;

(2)  Maintaining contacts with police and other host-government authorities;

(3)  Assisting in the protection of post and visiting U.S. government officials;

(4)  Obtaining information concerning potential security threats to the post, and terrorist related incidents such as attacks or host government counter-terrorism operations; and

(5)  In accordance with 12 FAM 220, conducting investigations as assigned by the RSO or the ARSO-I to include background/security investigations, investigations for other Department bureaus and offices, investigations for other U.S. government departments or agencies, and assisting in criminal investigations abroad including crimes against post personnel.

b. The RSO traditionally serves as the FSNI's primary supervisor.  However, in instances where post does not have an RSO, or he/she delegates the responsibility, DRSOs, ARSOs, ARSO-Is or PSOs may serve in this capacity.  He or she controls the FSNI’s access to information pertaining to U.S. citizens, and minimizes the use of FSNIs in investigations involving U.S. citizens.  FSNIs are prohibited from accessing the security files of U.S. citizens and their access to the investigative files of other FSNs is controlled on a need-to-know basis.  FSNIs may not interview U.S. sources or review U.S. citizen-controlled post files.

c.  When determined to be necessary, and in accordance with post's Mission Firearms Policy, FSNIs may be authorized to carry firearms.

d. RSOs must ensure for all posts under their regional responsibility that all prospective FSNIs enroll and successfully complete Diplomatic Security Training Center’s (DSTC) Basic Foreign Service National Investigator’s course.  FSNIs should successfully enroll and complete training prior to employment, or as soon as possible after employment, preferably before the expiration of the employees' probationary period, to allow the RSO time to evaluate performance potential.

e. FSNIs working for the ARSO-I office are also expected to complete the ARSO-I criminal fraud investigator (CFI) course at DSTC and take part in regional training exercises as specified by DS/ICI/OCI.

f.  The RSO must ensure each FSNI enrolls and successfully completes DSTC’s advanced FSNI course every five years following his or her initial training.


12 FAM 424.1  New Arrival Briefings

(CT:DS-268;   03-02-2017)

a. The RSOs or PSOs must provide a mandatory comprehensive security briefing to employees shortly after their arrival at post.  The briefing must acquaint newly arrived personnel with post’s security situation and the total security environment, including the general security requirements and procedures in effect.  The briefing must also highlight the importance of attention to personal security and include a Personal Security Self-Assessment Checklist.

b. Routine arrival briefings must include general counterterrorism and counterintelligence policies and procedures relating to the post and country of assignment.  As threat situations change, RSOs and PSOs must provide briefings for senior post officials and other employees and dependents.

c.  The RSO or PSO must use an outline at each briefing to ensure all required subjects are covered.  The RSO or PSO must maintain a record of all briefings, including the dates and identities of all employees briefed, and must establish procedures for ensuring employee participation.  Each employee must sign a statement that he or she has been briefed, has received a copy of the checklist, and understands the material covered.  The statement must also indicate topics covered during the briefing.

12 FAM 424.2  Locally Employed Staff (LE Staff) Briefings

(CT:DS-291;   03-07-2018)

a. Unclassified briefings are required for all new locally employed/hired and incumbent LE Staff personnel (see 3 FAM 7120).  The RSO will develop and present an appropriate briefing for locally hired Americans who receive a security clearance.  RSOs may delegate this duty, as appropriate.

b. Periodic unclassified briefings should be a requirement of LE Staff security updates and recertification.

c.  At a minimum, unclassified briefings will cover:

(1)  Access controls, escort requirements;

(2)  Protection of identification media;

(3)  Handling and protection of sensitive information;

(4)  Computer security;

(5)  Respecting and avoiding restricted areas;

(6)  Procedural security including wearing of identification (ID) badges, cell phone restrictions, screening and walk-through metal detectors (WTMD) procedures, after-hours inspections, e.g., MSGs, and requirement to not lock desks;

(7)  Regional security office information, including components (MSG, SEO, FSNI, LGF, surveillance detection (SD), if appropriate, etc.);

(8)  Emergency procedures including the emergency action plan, communication and radio procedures, participation in drill; terrorism, and the threat against American diplomatic missions;

(9)  Threats related to their employment;

(10) Personal security practices;

(11) Surveillance awareness;

(12) Defensive counter-intelligence and insider threat awareness briefings;

(13) How to report incidents and threats - provide emergency and after hours contact info;

(14) Penalties and consequences for not abiding by mission security procedures/policies;

(15) Signing acknowledgement of briefing and topics covered; and

(16) Exit briefing upon end of U.S. government employment

12 FAM 424.3  Spouse and Dependent Briefings

(CT:DS-268;   03-02-2017)

a. The RSO or PSO must make unclassified security briefings available for spouses, domestic partners as defined in 3 FAM 1610, and other adult dependents of post employees as soon as possible after their arrival at the post.  Regularly scheduled post orientations may be used for this purpose.  However, if a post does not have a formal orientation program, the security officer should arrange with the post’s community liaison office (CLO) to establish a dependent briefing program that would include all adult dependents.

b. The CLO can assist in the subsequent dissemination of general security information to dependents.  The RSO or PSO and CLO should jointly work out such a mechanism that possibly includes having the RSO or PSO participate in scheduled CLO dependent or community briefings.

c.  The briefing must address all threats and dangers to post personnel and dependents, and other related issues.  The following are suggested topics of discussion for such briefings:

(1)  Local criminal activity affecting personal and residential security;

(2)  High-crime areas of the city and country;

(3)  An overview of narcotics available in the country and in the U.S. community, as well as local law enforcement and judicial action;

(4)  An unclassified discussion concerning terrorist activity in the country directed against the host country, the diplomatic community, and U.S. interests;

(5)  Unclassified defensive counter-intelligence briefing;

(6)  An unclassified discussion of the post’s Emergency Action Plan (EAP) with emphasis on the warden system, actions to take during civil disorders, emergency plans for dependent schools, etc.;

(7)  The post’s specific environment, notable cultural differences, and sensitivity to host-country customs and attitudes;

(8)  Methods by which dependents can obtain information concerning the security situation; and

(9)  Emergency telephone numbers including local police, fire departments and medical resources, and post security elements.

12 FAM 424.4  Re-briefing or Refresher Briefing

(CT:DS-268;   03-02-2017)

RSO or PSO must periodically repeat briefings on the security situation at certain posts where personnel live under hostile intelligence or terrorist threats for long periods.  Updating and restating procedural details reduces their vulnerability to approach or surveillance.  Re-briefing or refresher briefings must also highlight the importance of personal security and provide employees with a Personal Security Self-Assessment Checklist.

12 FAM 424.5  Security Incident Program

(CT:DS-268;   03-02-2017)

a. RSO or PSO must brief all employees upon their arrival on the safeguarding of classified and sensitive information.  This briefing underscores the importance of handling classified material and helps to prevent security incidents.  National security-cleared local hires, to include interns not transiting through Washington DC, must read and sign form SF-312, Classified Information Nondisclosure Agreement, after receiving this briefing and before gaining access to classified information.  The RSO or PSO must forward a copy of the form to the DS/IS/APD training section.

b. RSOs and PSOs must also brief each employee who receives a security incident report, and sign as a witness to the employee’s signature acknowledging receipt of the notification packet.  The briefing must include the reason for the incident report, corrective steps, and the type of disciplinary action the employee may receive for further infractions (see 12 FAM 557).

12 FAM 424.6  Special Travel Briefings

(CT:DS-268;   03-02-2017)

Special travel briefings cover the counterintelligence regulations pertaining to employee travel to critical human intelligence (HUMINT) threat posts (see 12 FAM 264).

12 FAM 424.7  Departure Debriefings

(CT:DS-268;   03-02-2017)

a. The RSO or PSO is required to have an exit interview with all U.S. citizen employees, third-country nationals, and LE Staff before their permanent departure from post.  The security officer must interview separately each departing employee and give him or her opportunity to comment on any aspect of the post security program including:

(1)  Any significant contacts with foreign nationals of designated countries;

(2)  International travel during their tour of duty; and

(3)  Any security problems encountered.

b. The RSO or PSO must make a record of the exit interview, including any security-related comments received from the employee, and maintain such records in the post security office files.

12 FAM 424.8  Separating Employees

(CT:DS-291;   03-07-2018)

a. In accordance with 5 FAM 414.7 the RSO or PSO must give a security debriefing to personnel terminating their employment abroad and not returning to the United States, or who will otherwise be separated for a continuous period of 60 days or more.  The debriefing is mandatory to ensure that separating personnel are aware of the requirement to return all classified material and of a continuing responsibility to safeguard their knowledge of any classified information.

b. The employee must sign form DS-109, Separation Statement (RET) for records management purposes.  RSOs and PSOs must forward the completed form to the bureau HR office separating the employee.

c.  The employee must also sign the security debriefing acknowledgement section of the SF-312 Classified Information Nondisclosure Agreement form found in the employee's eOPF for security purposes.  RSOs and PSOs must forward the completed SF-312 to the bureau of Human Resources, Records and Information Management Division (HR/EX/RIM).

12 FAM 425  Regional security officer (rso) Reporting REquirements

(CT:DS-291;   03-07-2018)

a. RSOs are responsible for completing and transmitting the following reports to the Directorate for International Programs (DS/IP), the Directorate for High-Threat Programs (DS/HTP) and other required offices, as assigned, no later than the due date listed in the RSO Security Management Console:

(1)  Annual Overseas Security Advisory Council (OSAC) Crime & Safety Report;

(2)  Annual Crime Evaluation Questionnaire (ACEQ) Report;

(3)  Annual CIWG meetings and report (medium and low); or Bi-Annual CIWG Meeting and Report (critical and high);

(4)  Annual Security Environment Profile Questionnaire (SEPQ) Report;

(5)  Annual Major Events Coordination Unit (MECU) Survey for International Special Security Event Nominations;

(6)  Tri-annual Physical Fitness Report;

(7)  Quarterly Law Enforcement Availability Pay (LEAP) Report;

(8)  Quarterly Travel Report;

(9)  Constituent Post Travel Schedule and Fiscal Year Funding Estimates;

(10) Constituent Post Trip Report;

(11) Annual Fourth of July Function Security Report;

(12) Annual Marine Security Guard (MSG) Ball Report;

(13) Post Security Program Review (PSPR) Response Report;

(14) Security Policy and Procedure Checklist (SPPC)- 60 days after arrival and before departure

(15) Transition Guidelines

(16) Physical Security surveys

(17) Firearms Qualification;

(18) Post Drills;

(19) Special Protective Equipment Inventory

(20) Annual EAC Review of Armored Vehicle Program;

(21) Revised Reporting Requirements for DS special agent investigators;

(22) Annual Holiday Security Planning Report;

(23) Annual Residential Security Program Report;

(24) Local Checks Feasibility Report;

(25) Quarterly DS Insight Verification;

(26) Annual EAC review COM Security Detail; and Annual EAC review of COM detail within 30 days of arrival of new COM;

(27) Local Guard Force Personnel Record Review; and

(28) Annual Review of Annex A and Annex B Personnel.

b. All reporting must be via the RSO Security Management Console (SMC), when available

c.  All RSOs, DRSOs and ARSOs are required to report all personal and official travel to DS/IP/RD or DS/HTP/RD, as assigned via the DS Travel Locator located on the RSO SMC.