12 FAM 420


(CT:DS-399;   03-01-2023)
(Office of Origin:  DS/IP and DS/HTP)


(CT:DS-367;   09-15-2021)

a. (U) Regional security officers (RSOs) report to the chief of mission (COM) or the principal officer (PO) at Foreign Service posts regarding the implementation of Department security policies and programs abroad.

b. (U) The RSO or post security officer (PSO) and their staff are subject to the direction of the COM and, where relevant, the PO in countries assigned, or where they are present on temporary duty (TDY).

c.  (U) The deputy chief of mission (DCM) is the direct supervisor and designated rating officer for the senior RSO at post.  The COM is the designated reviewing officer for the senior RSO.  RSOs rate their immediate subordinates and the DCM serves as the reviewing official.  At constituent posts, RSOs report directly to, and are rated by, the PO.  The senior RSO in country is the reviewing officer (see 3 FAH-1 H-2813.3).

d. (U) When reporting information to Diplomatic Security (DS) headquarters while posted overseas, RSOs report to the principal deputy assistant secretary for Diplomatic Security and director of the Diplomatic Security Service (DS/DSS) through the Offices of Regional Directors within the International Programs Directorate (DS/IP/RD) or the High Threat Programs Directorate (DS/HTP/RD), as assigned.


12 FAM 422.1  (U) Regional Security Officer (RSO)

(CT:DS-367;   09-15-2021)

a. The RSO is a member of the U.S. Foreign Service and a Diplomatic Security Service special agent serving at an overseas post.  RSOs are responsible for implementing and managing the Department’s security and law enforcement programs at their assigned post and constituent post(s), if applicable.  NOTE: These are separate and distinct from the law enforcement responsibilities under the authority of the Office of Inspector General (see 1 FAM 050).  The RSO is also responsible for implementing post security policies and programs, as ratified by the COM.

b. The RSO’s responsibilities and duties are enumerated in 12 FAM 422.2 through 12 FAM 422.5.  In accordance with 2 FAM 110, the COM may reassign some specific elements to other post personnel.  If a COM changes an RSO’s duties, the RSO must notify his/her respective Office of Regional Directors (DS/IP/RD or DS/HTP/RD).

12 FAM 422.2  (U) Deputy Regional Security Officer (DRSO)

(CT:DS-367;   09-15-2021)

a. (U) In some instances, the Directorate for International Programs (DS/IP) or the Directorate for High Threat Programs (DS/HTP) may approve the establishment of a DRSO position.  The DRSO reports to the RSO, and the DCM serves as the reviewing official.

b. (U) DRSO responsibilities and duties are similar to those of an RSO.  DRSOs are assigned to posts with a large number of DSS special agents (at least four special agent positions, excluding ARSO-I positions) and serves as the rating officer for ARSOs.

c.  (U) In the absence of the RSO, the DRSO assumes the position of acting RSO.

12 FAM 422.3  (U) Deputy Regional Security Officer - Investigations (DRSO-I)

(CT:DS-367;   09-15-2021)

a. (U) In some instances, the Overseas Criminal Investigations Division (DS/INV/OCI) may approve the establishment of a DRSO-I position.  The DRSO-I reports to the RSO (see 12 FAM 013), and the mission’s senior consular official serves as the reviewing officer.

b. (U) DRSO-Is supervise five or more ARSO-Is who serve at different posts throughout their area of responsibility.  DRSO-Is coordinate operational and administrative issues pertaining to ARSO-I activities, to include criminal investigations, liaison, and training, with DS/INV/OCI.

12 FAM 422.4  (U) Assistant Regional Security Officer (ARSO)

(CT:DS-367;   09-15-2021)

(U) The ARSO is a DSS special agent and supports the RSO and (if applicable) the DRSO in managing all elements of post’s security programs as described in 12 FAM 422.  The ARSO reports directly to the RSO or the DRSO (if such a position is established at post).  An ARSO may serve as acting RSO when the RSO and DRSO are absent from post.

12 FAM 422.5  (U) Assistant Regional Security Officer - Investigator (ARSO-I)

(CT:DS-367;   09-15-2021)

a. (U) ARSO-Is, operating in concert with DS/INV/OCI, work together with the consular section to protect the integrity of the international passport and visa system and disrupt criminal and terrorist mobility by working with host nation law enforcement to combat the production and use of fraudulent travel and identity documents.  Absent exigent circumstances and approval from DS/INV/OCI and the Bureau of Consular Affairs’ Office of Fraud Prevention Programs (CA/FPP) to exceed the cap, ARSO-Is may spend up to 20 percent of their time performing RSO operations (see 12 FAM 223.2).

b. (U) ARSO-Is conduct criminal investigations relating to passport and visa fraud at U.S. missions through duties noted below.  Developing contacts with the law enforcement community, including immigration and airport officials, will not be considered the exclusive domain of either the Regional Security Office or the Consular Section (see 12 FAM 223.2-3):

(1)  (U) Maintaining effective liaison with the consular section’s management and staff;

(2)  (U) Establishing and maintaining effective liaison with U.S. Government law enforcement agencies at post;

(3)  (U) Establish and maintain effective liaison with local police, and immigration and passport officials.  Liaison with all pertinent law enforcement agencies with access to criminal intelligence, Liaison with host nation national security, border security, and law enforcement entities and leaders to build support networks.

(4)  (U) Informing DS/INV/OCI of investigative activities through reports of investigation, OCI Activity Reports (OARs)and regular monthly status reports (MSRs);

(5)  (U) In coordination with the FPM, who has lead in matters of fraud prevention training for consular personnel, participating in fraud prevention training sessions and briefings for officers, locally hired staff, contractor, and local authorities;

(6)  (U) Conducting training to build the capacity of host country contacts to identify and prosecute instances of travel document fraud including but not limited to travel document security features, imposter detection, suspect traveler profiles, and case studies (see 12 FAH-4 H-731);

(7)  (U) Developing and sharing intelligence on fraud trends and vulnerabilities with consular staff, and other appropriate audiences; and

(8)  (U) Contributing to post’s prescreening initiatives by assisting the FPM with establishment and periodic review or adjustment of prescreening criteria. (Note: the FPM in consultation with other consular managers maintains the primary responsibility for managing post’s prescreening and validation studies. See 7 FAH-1 H-943.3-1)

12 FAM 422.6  (U) Post Security Officer (PSO)

(CT:DS-367;   09-15-2021)

a. (U) A PSO is typically a U.S. Foreign Service officer designated by the COM or PO to manage security programs at a post with no resident RSO, or when the resident RSO temporarily departs post (see 12 FAM 423.5).  Most tasks assigned to PSOs are similar to those assigned to RSOs, but are limited in scope because PSOs are not DSS special agents, and do not have law enforcement authority.

b. (U) The COM must designate each PSO in writing and send a copy of the memorandum to the RSO who has regional responsibility for the post.  A PSO Designation Template can be found on the RSO SMC “Templates and Guidance” page.

c.  (U) When determining whom to designate as the PSO, the COM should consider what other duties personnel may have during emergency events as part of their core assignment duties and which personnel are best positioned in the course of their regular assignment to take on the additional tasks listed below:

(1)  (U) Administering post security policies and procedures;

(2)  (U) Administering the security incident program;

(3)  (U) Providing security briefings;

(4)  (U) Reporting threats and other correspondence relating to post security situations and programs to the RSO;

(5)  (U) Coordinating investigations of LE Staff applicants in accordance with existing liaison agreements with the host government and submitting results to the RSO;

(6)  (U) Serving as the contracting officer's representative (COR) for local guard contracts, when assigned;

(7)  (U) Managing the local guard program, as directed by the RSO;

(8)  (U) (U) Managing the bodyguard program, as directed by the RSO;

(9)  (U) Managing the surveillance detection program, as directed by the RSO;

(10) (U) Maintaining liaison with host-country officials and post officials;

(11) (U) Conducting physical security and residential security surveys on proposed new-lease or purchased residential and/or official building properties, and conducting other periodic surveys as directed by the RSO; and;

(12) (U) Supervising the local guard force coordinator, residential security coordinator and Foreign Service national investigators.

d. (U) PSOs should successfully complete the DS PSO training before they are assigned to PSO positions.

12 FAM 422.7  (U) RSO Office Management Specialist (OMS)

(CT:DS-367;   09-15-2021)

(U) U.S. direct hire employees may be assigned as RSO office management specialists (OMS) at posts where there is a resident RSO.  RSO OMS personnel perform many specialized tasks not typically performed by other OMSs and are knowledgeable about security policies and procedures.  In addition to having requisite office management skills, RSO OMS’ are also responsible for:

(1)  (U) Drafting security survey reports, investigative reports and security incident reports;

(2)  (U) Facilitating required security briefings and maintaining attendance records;

(3)  (U) Tracking and maintaining records pertaining to security infractions and violations;

(4)  (U) Assisting with the access control program, to include badging;

(5)  (U) Disseminating threat information and information regarding security policy changes; and

(6)  (U) Answering questions and resolving minor security problems in the RSO’s absence.

12 FAM 422.8  (U) Foreign Service National Investigator (FSNI)

(CT:DS-367;   09-15-2021)

a. (U) FSNIs work in the Regional Security Office and perform a variety of tasks that support the post security programs abroad primarily by:

(1)  (U) Providing expertise concerning the language, culture and customs of the host country;

(2)  (U) Maintaining contacts with police and other host-government authorities;

(3)  (U) Assisting in the protection of post and visiting U.S. Government officials;

(4)  (U) Obtaining information concerning potential security threats to the post, and terrorist related incidents such as attacks or host government counter-terrorism operations; and

(5)  (U) In accordance with 12 FAM 220, conducting investigations as assigned by the RSO, PSO or the ARSO-I to include background/security investigations, investigations for other Department bureaus and offices, investigations for other U.S. Government departments or agencies and assisting in criminal investigations abroad including crimes against post personnel.

b. (U) The RSO traditionally serves as the FSNI's primary supervisor.  However, in instances where post does not have an RSO, or he/she delegates the responsibility, DRSOs, ARSOs, ARSO-Is or PSOs may serve in this capacity.  He or she controls the FSNI’s access to information pertaining to U.S. citizens, and minimizes the use of FSNIs in investigations involving U.S. citizens.  FSNIs are prohibited from accessing the security files of U.S. citizens (except background investigations conducted under 12 FAM 423 (20), (21), and (22)) and their access to the investigative files of other foreign nationals is controlled on a need-to-know basis.  FSNIs may not review U.S. citizen-controlled post files unless those are required for a background investigation conducted under 12 FAM 423 (20), (21), or (22).

c.  (U) When determined to be necessary, and in accordance with post's Mission Firearms Policy and host nation law, FSNIs may be authorized to carry firearms.

d. (U) RSOs must ensure for all posts under their regional responsibility that all prospective FSNIs enroll and successfully complete Diplomatic Security Training Center’s (DSTC) Basic Foreign Service National Investigator’s course.  FSNIs should successfully enroll and complete training prior to employment, or as soon as possible after employment, preferably before the expiration of the employees' probationary period, to allow the RSO time to evaluate performance potential.

e. (U) The RSO must ensure each FSNI enrolls and successfully completes DSTC’s advanced FSNI course every five years following his or her initial training.

12 FAM 422.9  (U) Criminal Fraud Investigator (CFI)

(CT:DS-367;   09-15-2021)

a. (U) CFIs support the Regional Security Office’s Overseas Criminal Investigations program, are supervised by the ARSO-I, and perform a variety of tasks that support  fraud prevention and related criminal investigative programs abroad primarily by:

(1)  (U) Providing expertise concerning the language, culture and customs of the host country;

(2)  (U) Maintaining contacts with police, immigration officials, airline and airport officials, prosecutors and other host-government authorities;

(3)  (U) Obtaining information concerning travel document fraud schemes that facilitate transnational organized crimes such as human smuggling and human trafficking;

(4)  (U) In accordance with 12 FAM 220, conducting investigations of the fraudulent issuance or use of U.S. and foreign passports, visas and other travel documents, as assigned by the ARSO-I.  Additionally, fulfilment of leads for other U.S. Government departments or agencies, and assisting in criminal investigations abroad including crimes against post personnel as directed;

(5)  (U) Drafting criminal complaints for the ARSO-I’s review, approval and submission to host country police to facilitate investigations and arrests.  Testify in host country court proceedings when the request is made via a diplomatic note and approved;

(6)  (U) Planning and conducting training including, but not limited to travel document security features, fraud detection methods, imposter detection, suspect traveler profiles, case studies and in-briefings for new consular employees;

(7)  (U) Liaison with the consular section’s LE Staff, LE Staff in other sections in the U.S. embassy or consulate, and representatives from other foreign embassies and consulates; and

(8)  (U) Assisting in the protection of post and visiting U.S. Government officials as directed.

b. (U) The ARSO-I is the CFI’s rater.  He or she controls the CFI’s access to information pertaining to U.S. citizens.  CFIs must follow the relevant FAM guidance, which governs the use and sharing of U.S. visa information.

c.  (U) When determined to be necessary by the COM, and in accordance with post's Mission Firearms Policy, CFIs may be authorized to carry firearms.

d. (U) ARSO-Is must ensure their CFIs complete DSTC Basic Foreign Service National Investigator’s course, which includes the Basic Criminal Fraud Investigator course, preferably before the expiration of the employees’ probation period to allow the ARSO-I time to evaluate their performance potential.  Additionally, CFIs should complete any required online training required by the Bureau of Consular Affairs (CA), DS or the Department.

12 FAM 422.10  (U) Security Engineering Officer (SEO)

(CT:DS-367;   09-15-2021)

(U) SEOs assigned to Engineering Services Offices (ESOs) support post security programs by:

(1)  (U) Managing technical and information security programs, projects, and resources;

(2)  (U) Performing technical security assessments and recommending security upgrades to deter terrorism and technical espionage;

(3)  (U) Planning and conducting technical surveillance countermeasures (TSCM) surveys to detect, report and nullify technical penetrations, hazards or vulnerabilities;

(4)  (U) Performing other security inspections as directed by DS/C/ST;

(5)  (U) Maintaining security requirements for information processing and secure conferencing facilities; and

(6)  (U) Supervising, training, and managing technician, contractor, U.S. Navy Seabee, logistician and local staff assigned to the ESO.

12 FAM422.11  (U) Security Technical Specialist (STS)

(CT:DS-367;   09-15-2021)

(U) STSs assigned to ESOs and Technical Security Offices (TSOs) support post security programs by:

(1)  (U) Installing, maintaining, repairing, and troubleshooting technical security systems to include alarms, access control systems, locks, crash-rated anti-ram vehicle arrest systems, security video systems, computer networking equipment and forced entry ballistic resistant doors;

(2)  (U) Assisting with and/or performing technical surveys to determine technical security systems and equipment requirements;

(3)  (U) Working with and supervising LE Staff regional security technicians (RSTs);

(4)  (U) Overseeing and supervising the X-ray and explosive detection programs to include repair and performing radiation checks; and

(5)  (U) Managing technical security equipment supply chain logistics to include shipping, receiving and Bill of Material preparation.

12 FAM 422.12  (U) U. S. Navy Seabee

(CT:DS-367;   09-15-2021)

(U) U.S. Navy Seabees assigned to ESOs and Seabee Offices (CBOs) support post security programs by: 

(1)  (U) Assisting technical security personnel with the installation and maintenance of security video systems, alarm systems, locks and other specialized equipment in sensitive areas;

(2)  (U) Supporting the maintenance and repair of electromagnetic door locks, crash-rated anti-ram vehicle barriers, disintegrators and emergency notification systems; and

(3)  (U) Assisting with technical surveys and inspections in sensitive areas.

12 FAM 422.13  (U) Regional Security Technician (RST)

(CT:DS-367;   09-15-2021)

(U) Regional security technicians (RSTs) are local staff that support post security programs by:

(1)  (U) Repairing and troubleshooting perimeter technical security systems to include public address systems, forced-entry ballistic resistant doors and other technical security systems as directed by SEO or STS personnel; and

(2)  (U) Performing planned prevention, predictive, corrective and breakdown maintenance of crash-rated anti-ram vehicle arrest systems and gates.


(CT:DS-367;   09-15-2021)

(U) The RSO’s responsibilities and duties include, but are not limited to:

(1)  (U) Serving as the focal point at post for programs to protect U.S. personnel, facilities, and classified and sensitive information from terrorism, weapons of mass destruction, hostile foreign intelligence activity and criminal acts;

(2)  (U) Monitoring and inspecting the security programs at constituent posts and providing comprehensive training and planning guidance to RSOs and PSOs at these posts through periodic visits and exchanges of correspondence; and

(3)  (U) Managing the regional security office, including the supervision of any assigned personnel including, but not limited to:

(a)  (U) DRSO;

(b)  (U) DRSO-I;

(c)  (U) ARSO;

(d)  (U) DSS special agents or other personnel TDY to the RSO;

(e)  (U) RSO OMS;

(f)   (U) ARSO-I;

(g)  (U) Officer in charge (OIC) at resident ESOs, TSOs, Seabee Offices (CBOs), and Regional Technical Offices;

(h)  (U) MSGs (see 12 FAM 430);

(i)   (U) FSNIs (see 12 FAM 422.8);

(j)   (U) Local Guards employed under a personal services agreement (PSA) (see 12 FAH-7);

(k)  (U) Bodyguards employed under a PSA (see 12 FAH-15, which is pending publication);

(l)   (U) Surveillance Detection team personnel employed under a PSA (see 12 FAH-14, which is pending publication);

(m) (U) Residential security coordinators, residential security equipment technicians (RSETs); and

(n)  (U) Contract background investigators.

NOTE:  (U) SEO, STS, Seabee and other staff at an Engineering Services Center (ESC) are supervised by the responsible SEO OIC of the ESC, not the RSO.  The OIC of the ESC is normally supervised by the regional director for Security Engineering.  If an ESC is responsible for supporting only one post or one country, the OIC of the ESC will fall under RSO supervision.

(4)  (U) Maintaining official liaison with host country, third-country, and U.S. intelligence, security and law enforcement organizations to conduct exchanges of current terrorist, counterintelligence and criminal investigative data, and coordinate post defensive security programs and planning;

(5)  (U) Interpreting and reporting information of security significance developed through host country liaison activity;

(6)  (U) Serving as a member of the Emergency Action Committee (EAC), other pertinent committees, and the country team, providing security insight to other members based upon information received through foreign liaison and specialized knowledge of security policies or programs; providing the EAC an assessment of deficiencies that identifies post’s critical infrastructure assets (facilities and residences) to be protected;

(7)  (U) Establishing and managing, where required, a special security program for the personal protection of the COM and other U.S. officials, closely monitoring all available intelligence to determine the need for changes in operational protective tactics and techniques;

(8)  (U) Arranging and providing protective security coverage, host country security liaison, and other services for U.S. VIP visits and conferences within the region;

(9)  (U) Developing, as the COM or PO may direct, the security portions of post's Emergency Action Plan (EAP) and facilitating the planning, preparation and documentation of the EAP by all members of the EAC responsible for contributing to this post-wide product for the DCMs clearance and approval;

(10) (U) As the COM or PO may direct, facilitating and reporting emergency preparedness training and drills, and promoting knowledge of post's EAP;

(11) (U) Continually assessing the vulnerability of resident and constituent posts to terrorism and hostile foreign intelligence information-gathering activities, and adjusting post's defensive counterintelligence and/or counterterrorist planning and programs;

(12) (U) Reviewing current and near-term intelligence, post reporting and local news reporting on political, military, security and intelligence developments in the region to identify security concerns;

(13) (U) Preparing and coordinating comprehensive threat assessments for use by the Department and post, including revising assessments when receiving intelligence information, significant incidents occur, or conditions in country change (e.g., a sharp increase in crime);

(14) (U) Performing defensive counterintelligence training and awareness functions and coordinating activities involving U.S. officials or LE Staff who are targeted by hostile intelligence services;

(15) (U) Maintaining current knowledge of tactics and techniques used locally by hostile intelligence services;

(16) (U) Coordinating and participating in the post counterintelligence working group (CIWG);

(17) (U) Establishing and coordinating post’s law enforcement working group (LEWG);

(18) (U) Leading all interagency PR coordination under COM authority as the “incident commander” for any PR event.  These responsibilities include managing the incident and response, establishing and coordinating the Personnel Recovery Working Group, and directing U.S. Government assets to assist with Post Isolation Support;

(19) (U) Conducting investigations of allegations or occurrences involving violations of U.S. criminal law or U.S. Government regulations by Government employees, in accordance with 12 FAM 220 and 3 FAM 1812.3-4;

(20) (U) Conducting background investigations, under the standards set forth under the Overseas Vetting Guidelines, of all applicants for third-country national and LE Staff positions within the limits imposed by existing liaison agreements with the host government and as local conditions permit.  This includes making maximum use of host-country investigative records or resources, when possible, to ensure the fullest development of investigative leads and evaluating all information developed as a basis for the issuance,  denial or revocation of a security certification for employment (see 3 FAM 7222).  Refer to 12 FAM 251 for guidance on the use of polygraph in vetting LE Staff;

(21) (U) Conducting background investigations, under the standards set forth under the Overseas Vetting Guidelines, of contractors and others specified in the Overseas Vetting Guidelines, , within the limits imposed by existing liaison agreements with the host government and as local conditions permit, and/or reviewing suitability investigations conducted by contractors on their employees; evaluating all information developed as a basis for the issuance,  denial or revocation of a security certification for employment (see 3 FAM 7222);

(22) (U) Conducting background reinvestigations on all LE Staff and contract employees, under the standards set forth under the Overseas Vetting Guidelines, within the limits imposed by existing liaison agreements with the host government and as local conditions permit on a five-year cycle and evaluating the results for the purpose of issuing or denying a security recertification for employment (see 3 FAM 7222).  Refer to 12 FAM 251 for guidance on the use of polygraph in vetting LE Staff;

(23) (U) Conducting security surveys of U.S. Government-owned/leased facilities at resident and constituent posts to include mission office buildings and residences (to include hotels, TDY quarters) used by COM personnel and their dependents and, as necessary, identifying vulnerabilities/deficiencies and recommending physical and/or technical security changes or improvements revealed by such surveys, to the COM as necessary; coordinating the implementation of all approved and proposed projects until completed; conducting surveys of COM personnel offices at host nation facilities; and modifying internal defense planning concepts, as necessary, to incorporate improved physical and/or technical security features;

(24) (U) Developing, implementing, and managing post’s local guard program (LGP) (see 12 FAH-7);

(25) (U) Developing, implementing, and managing post’s bodyguard program (BGP) (see 12 FAH-15, pending publication);

(26) (U) Developing, implementing, and managing post’s surveillance detection program (see 12 FAH-14, pending publication);

(27) (U) Developing, implementing and managing post’s residential security program (RSP) (see 12 FAH-8);

(28) (U) Providing professional security advice to all personnel of U.S. country team elements at post, whether permanently assigned or sent abroad on a TDY basis, who are under COM security responsibility, their accompanying eligible family members (EFMs), and members of household (MOHs).  In conjunction with 12 FAM 424.3, the RSO should develop and make available general security handout information including, but not limited to:

(a)  (U) RSO contact information;

(b)  (U) Personal protective measures;

(c)  (U) Crime statistics and residential security concerns;

(d)  (U) Terrorist threats;

(e)  (U) Traffic accident procedures;

(f)   (U) Safeguarding sensitive and classified material (see 12 FAM 500); and

(g)  (U) Counterintelligence threat and security reporting requirements as appropriate and within applicable security clearances (see 12 FAM 260 and 12 FAM 270).

(29) (U) Formulating and conducting education and training programs pertinent to the conduct of post information security programs and ensuring adherence to Foreign Service and other pertinent U.S. Government security regulations;

(30) (U) Reporting security incidents and violations relating to unclassified and classified information to the Program Applications Division (DS/IS/APD), via the Investigative Management System (IMS) within 24 hours of discovery and investigating security incidents as a part of post’s security incident program (see 12 FAM 550 (classified information) and 12 FAM 590 (unclassified information));

(31) (U) Serving as the mission focal point for the general oversight and coordination of special security programs managed by DS offices;

(32) (U) Coordinating the conduct of technical surveillance countermeasures inspections at posts with the Office of Security Technology (DS/C/ST), the regional ESC, and, if resident, the post SEO;

(33) (U) Establishing, supporting and managing country chapters for the Overseas Security Advisory Council (OSAC);

(34) (U) Coordinating the passage of threat information to the U.S. private sector on issues affecting the safety and security of U.S. businesses, non-governmental organizations, faith-based organizations, and academic institutions at a level commensurate with host country threat conditions and in consultation with the senior consular officer (see 12 FAM 424.3);

(35) (U) Providing professional security advice and unclassified security threat briefings to administrators of schools that enroll dependents of U.S. Government direct-hire employees, to include a review of emergency response procedures, participation in emergency drills, and surveys in support of Bureau of Overseas Buildings Operations (OBO)’s overseas schools security grant program;

(36) (U) Creating, updating and distributing appropriate emergency contact information from the EAP Master Emergency Contact List to all personnel (and their family members) under COM security responsibility, whether permanently assigned or TDY.  At a minimum, emergency contact information should include local police, fire and ambulance, Post One, the RSO, embassy duty officer (if available) and embassy operator phone numbers.  This information should be distributed in a durable and convenient method such as a laminated reference card or similar method.  In addition, in coordination with the General Services Office, the RSO must provide guidance and information on immediate actions in case of a vehicular/traffic accident (translated where appropriate).

(37) (U) Conducting background investigation leads individuals at the direction of the Office of Personnel Security and Suitability (DS/SI/PSS) and within the limits imposed by existing liaison agreements with the host government;

(38) (U) Coordinating, via the DS Liaison Officers and/or the Special Operations Unit (DS/SP/SO) as appropriate, with Department of Defense (DOD) elements responsible for emergency planning, crisis response, security augmentation, evacuation support, and other DOD activities that impact RSO operations/equities;

(39) (U) Where applicable, serving as the Site Security Manager (SSM) for on-compound construction projects in accordance with the approved Construction Security Plan;

(40) (U) Ensuring, in accordance with 20 STATE 97824, that the COM and EAC have a detailed understanding of the Foreign Emergency Support Team (FEST), its capabilities and how FEST should be requested in the event of a crisis.  As early as possible during a terrorism incident, when faced with significant and credible terrorism threat information, or when requiring interagency support and expertise for post-incident consequence management, COMs should consider requesting a FEST deployment.  RSO should coordinate with DS/SP/FEST to tailor FEST composition to best meet the needs of the post;

(41) (U) Serving as the vehicle accountable officer for all DS unarmored and armored vehicles per 14 FAM 431.6-3, as well as reporting officer for all armored vehicles to ensure Overseas Security Policy Board (OSPB) standards compliance and annual accountability per 19 STATE 43201;

(42) (U) Serving as post’s custodial officer for DS SPE and other defensive equipment assigned to the post business unit; ensuring accountability for all sensitive accountable property; coordinating with DS/PSP/DEAV on annual inventory requirements, including those for other OSPB members (see 19 STATE 43201); and ensuring accurate turnover of accountable property to the new RSO upon transfer and

(43) (U) Performing additional duties as directed by a COM or DS headquarters.

12 FAM 423.1  (U) RSO and PSO Systems Security Responsibilities

(CT:DS-367;   09-15-2021)

a. (U) RSOs and PSOs work closely with the information systems security officer (ISSO) at post (see 12 FAM 613) on systems security issues and have specific responsibilities for:

(1)  (U) Ensuring all personnel with access to an unclassified/SBU or classified system have an appropriate background investigation (See 12 FAH-10 H-282.2-1 and 12 FAM 631.2-2);

(2)  (U) Coordinating post-specific briefings with the ISSO for system users upon their arrival at the post and annually thereafter, concerning the security considerations of unclassified/Sensitive But Unclassified and classified information systems, including risks specific to the local environment (See 12 FAH-6 H-541.5-8, 12 FAH-6 H-542.5-8, and 12 FAH-10 H-212.1-3(1));

(3)  (U) Issuing form OF-117, Notice of Security Incident, for security incidents on the system based upon either the RSO’s or ISSO’s investigation;

(4)  (U) Periodically checking alarm systems that protect computer equipment to ensure proper functioning; and

(5)  (U) Upon receipt, conducting or verifying the security clearances of local vendor personnel who service system components.

b. (U) Pursuant to their role as the overall manager for security at the post, RSOs or PSOs must also provide the ISSO with guidance and/or information regarding:

(1)  (U) Department prohibition on processing classified security information on an unclassified system;

(2)  (U) Physical and equipment security measures;

(3)  (U) Security processing for staff and maintenance employees with access to an automated information system;

(4)  (U) Identification of a secure storage area for backup copies of system data files and software;

(5)  (U) Reporting of suspected or reported cyber security incidents to DS/CIRT (See 12 FAH-10 H-242.5-3);

(6)  (U) Suspected incidents of fraud, misuse, or manipulation of data on a system, the unauthorized disclosure or the destruction of data, unauthorized access attempts or the personal use of system resources (See 12 FAM 632.1-7 and 12 FAH-10 H-242.5-4); and

(7)  (U) Coordination and monitoring of the conduct of periodic security indoctrination and training sessions for personnel assigned to the post.


12 FAM 424.1  (SBU) Security Directives

(CT:DS-399;   03-01-2023)

a. (U) RSOs and PSOs issue, with the approval of the COM, security directives (signed by the current COM or PO) that give detailed written instructions and/or reminders of security policies and procedures.  Security directives apply to those under COM security responsibility and those who may not be under COM security responsibility, but occupy or visit COM facilities.  Required security directives include, but are not limited to:

(1)  (U) Access control policy (see 12 FAM 441);

(2)  (U) Mission firearms policy (see 12 FAM 090 and 12 FAH-9 H-060);

(3)  (U) Travel notification policy;

(4)  Transportation security (may be combined with travel notification policy);

(5)  (U) Post emergency notification system (PENS) (see 12 FAH-1 H-035);

(6)  (U) Safeguarding Classified Policy;

(7)  (U) Post Security Incident Program (see 12 FAM 550);

(8)  (U) Walk-ins/asylum seekers policy;

(9)  (U) Foreign contact reporting policy (see 12 FAM 260);

(10) (U) Residential security policy (see 12 FAM 332.2); and

(11) (U) Personnel recovery policy.

b. (U) Security directives that include prohibitions or required actions should describe the prohibited or required activity and the consequences of a violation (e.g., severe disciplinary or corrective action up to and including removal from the post).  See 3 FAM 4377, List of Disciplinary Offenses and Penalties, which identifies the offense of “violations of other security regulations, guidelines, or instructions” and penalties ranging from “a letter of reprimand to removal.”  Post security directives must include the consequences of violating the mandatory post security policy as they relate to 3 FAM 4377.

c.  Security directives should highlight the responsibility of all supervisors to ensure full compliance.  As established in 3 FAM 4127, Personal Security Practices, supervisors and managers should ensure employees have access to useful information, Department policies and guidance concerning their personal security responsibilities.  They must ensure they do not impose working conditions such as strict adherence to arrival and departure times that keep employees from maximizing their personal security responsibilities.

d. Security directives must instruct all members of the mission to report any known or suspected violations to the RSO or appropriate supervisor.  RSO Staff brief all current personnel at post, to include third party contractors, family members, interns or others as appropriate, falling under COM security responsibility, concerning their obligation to report any known or suspected violations of post security directives to the RSO, their supervisors, the DCM or the COM.  The RSO or PSO includes this statement in his/her briefings for all incoming personnel.  Both current employees and incoming personnel must acknowledge in writing they have been briefed on their responsibility to report violations of post security directives.

e. (U) Security directives should outline a procedure for seeking exception to the directive.  The employee must request, in writing, the written approval of the COM (or COM and designee) for any exception to mandatory post security directives.

f.  (U) Security directives must remind all mission personnel of their personal security responsibility for their own and others' security.  RSO Staff must ensure all personnel are briefed and provided a personal security Self-Assessment Checklist.  Sample Self-Assessment Checklists are available in the “Templates” section of the RSO SMC.

g. (U) Security directives must be made available to personnel under COM security responsibility both through distribution at the time of publication and by placing them on the post’s intranet site on OpenNet.

h. (U) Security directives must be signed by the COM/PO.  While security directives signed by previous COM/POs remain in effect until the new COM/PO rescinds, replaces or modifies the directive, all incoming COMs/POs should review and sign security directives within 60 days of arrival to post.

12 FAM 424.2  (U) Security Notices

(CT:DS-367;   09-15-2021)

a. (U) RSOs or PSOs disseminate security notices to personnel and family members under COM security responsibility.

b. (U) Security notices can contain routine (general security practices) and non-routine (demonstrations, road closures, residential security incidents etc.) information and are intended to foster security awareness within the mission, or to inform personnel and family members under COM security responsibility of important and timely security information.

c.  (U) Security notices are typically disseminated via e-mail to post-generated e-mail distribution lists and/or via the post emergency notification system (PENS), see 12 FAH-1 H-735 for examples of PENS.

d. (U) Security notices should, whenever possible, be unclassified to ensure broad dissemination with uncleared personnel, eligible family members and members of household.  The community liaison office (CLO) coordinator can assist in the subsequent dissemination of security information to EFMs.

12 FAM 424.3 (U)  Security Messages

(CT:DS-367;   09-15-2021)

a. (U) RSOs or PSOs, assist post’s consular section with development of security messages sent to the non-official U.S. community as part of the Consular Information Program.  These messages relay unclassified threat information and comply with the Department’s No Double Standard (NDS) policy (see 7 FAM 050).  7 FAM 050 should not be interpreted to limit or otherwise hinder the RSO’s ability to perform the duties and responsibilities described in 12 FAM 424.2.  Notices sent under that section must, however, comply with the NDS policy and may require post to take additional action to warn the non-official U.S. community.

b. (U) RSOs or PSOs, in coordination with post’s consular section, ensure all threat notifications made to U.S. private sector organizations at post are coordinated with Overseas Security Advisory Council (DS/DSS/OSAC) to ensure simultaneous or near-simultaneous threat warning is also conveyed to the domestic headquarters of the U.S. organization.

12 FAM 424.4  (U) Security Briefings

(CT:DS-367;   09-15-2021)

(U) RSOs and PSOs must provide briefings on specific security policies, procedures and techniques to all personnel at post, to include family members, interns, or others as appropriate, falling under COM security responsibility, in order to maintain a high level of employee security awareness, as well as to third-party contractors to maintain security awareness and appropriate coordination with those under COM security responsibility.  As threat situations change, the RSO or PSO must provide briefings for senior post officials and other U.S. Government personnel under COM security responsibility.

12 FAM 424.5  (U) New Arrival Briefings

(CT:DS-367;   09-15-2021)

a. (U) RSO Staff must provide a mandatory comprehensive security briefing to U.S. Government personnel under COM security responsibility, to include  family members, interns or others as appropriate, shortly after their arrival in country.  RSO staff must also brief third-party contractors.  The briefing must acquaint newly arrived personnel with post’s security situation and the total security environment, including the general security requirements and procedures in effect.  The briefing must also highlight the importance of attention to personal security and include a Personal Security Self-Assessment Checklist.

b. (U) Routine arrival briefings must include general counter-terrorism and counter-intelligence policies and procedures relating to the post and country of assignment.

c.  (U) An outline must be used at each briefing to ensure all required subjects are covered.  The new arrival security briefing should be posted to post’s intranet OpenNet site so U.S. Government personnel under COM security responsibility and third party contractors can review it following the actual new arrival security brief and to make it available to TDY personnel in advance of their travel to post.  The RSO or PSO must maintain a record of all briefings, including the dates and names of all individuals briefed, and must establish procedures for ensuring participation by all those required to participate.  Each participant must sign an acknowledgement form that he or she has been briefed, received a copy of the checklist, and understands the material covered.  The form must also indicate topics covered during the briefing.

d. (U) The RSO or PSO must make available to TDY personnel, who are unable to attend the normal RSO/PSO new arrival briefing, a written or oral security briefing covering the topics listed in 12 FAM 424.2 below and provide them with a copy of the Personal Security Self-Assessment Checklist.  TDY personnel will sign an acknowledgement form of the briefing and topics covered and receipt of the Personal Security Self-Assessment Checklist.  The RSO/PSO must maintain this briefing acknowledgement form in the post security office files in accordance with the Department’s Records Disposition Schedule.

12 FAM 424.6  (U) Locally Employed (LE) Staff Briefings

(CT:DS-367;   09-15-2021)

a. (U) Unclassified briefings are required for all new and incumbent LE Staff personnel (see 3 FAM 7120).  The RSO will present an appropriate briefing for locally-hired Americans who receive a security clearance.  RSOs may delegate this duty, as appropriate.

b. (U) At a minimum, unclassified briefings will cover:

(1)  (U) Access controls, escort requirements;

(2)  (U) Protection of identification media;

(3)  (U) Handling and protection of sensitive information;

(4)  (U) Computer security;

(5)  (U) Respecting and avoiding restricted areas;

(6)  (U) Procedural security including: wearing of identification (ID) badges; cell phone restrictions; screening and walk-through metal detectors (WTMD) procedures; after-hours inspections, e.g., MSGs; and the requirement that desks remain unlocked;

(7)  (U) RSO information, including components (MSG, SEO, FSNI, local guards, bodyguards, Surveillance Detection Team, if appropriate, etc.);

(8)  (U) Emergency procedures including the emergency action plan, communication and radio procedures, participation in drills, terrorism and the threat against American diplomatic missions;

(9)  (U) Threats related to their employment;

(10) (U) Personal security practices;

(11) (U) Surveillance awareness;

(12) (U) Defensive counterintelligence awareness briefings;

(13) (U) How to report incidents and threats – provide emergency and after hours contact info;

(14) (U) Penalties and consequences for not abiding by mission security procedures/policies;

(15) (U) Signed acknowledgement of briefing and topics covered; and

(16) (U) Exit briefing upon end of U.S. Government employment.

12 FAM 424.7  (U) Eligible Family Member/Member of Household Briefings

(CT:DS-367;   09-15-2021)

a. (U) The RSO or PSO must make unclassified security briefings available for all adult EFMs, as defined in 14 FAM 511, as soon as possible after their arrival at the post.  Regularly scheduled post orientations may be used for this purpose.  However, if a post does not have a formal orientation program, the RSO or PSO should arrange with the post’s CLO to establish a dependent briefing program that would include all adult EFMs.

b. (U) The RSO or PSO and CLO should jointly work out such a mechanism that possibly includes having the RSO or PSO participate in scheduled CLO dependent or community briefings.

c.  (U) The briefing must address all threats and dangers to individuals under COM security responsibility, and other related issues.  The following are suggested topics of discussion for such briefings:

(1)  (U) Local criminal activity affecting personal and residential security (use all equipment such as locks, alarms, grill release devices, etc.);

(2)  (U) High-crime areas of the city and country;

(3)  (U) An overview the local law enforcement and their capability to respond to emergencies;

(4)  (U) An unclassified discussion concerning terrorist activity in the country directed against the host country, the diplomatic community, and U.S. interests;

(5)  (U) Unclassified defensive counterintelligence briefing;

(6)  (U) An unclassified discussion of the post’s EAP with emphasis on the warden system, actions to take during civil disorders, emergency plans for dependent schools, etc.;

(7)  (U) The post’s specific environment, notable cultural differences, and sensitivity to host-country customs and attitudes;

(8)  (U) Methods by which dependents can obtain information concerning the security situation; and

(9)  (U) Emergency telephone numbers including local police, fire departments, medical resources and post security elements.

12 FAM 424.8  (U) Refresher Briefing

(CT:DS-367;   09-15-2021)

a. (U) The RSO or PSO must provide an annual refresher briefing to all U.S. Government personnel under COM security responsibility and TPCs at posts rated critical for terrorism or HUMINT.  All other posts are encouraged to offer refresher briefings when there is a significant change in post’s security environment.  The RSO or PSO should make refresher briefings available to adult EFMs and MOHs on a voluntary basis, regardless of the security environment.

b. (U) Updating and restating procedural details helps to keep personnel and EFMs/MOHs apprised of evolving terrorism and counterintelligence threats.  Refresher briefings must highlight the importance of personal security, provide employees with a Personal Security Self-Assessment Checklist, and reiterate the information provided in the new arrival briefing.

c.  (U) The RSO or PSO must maintain a record of all refresher briefings, including the dates and names of all individuals briefed, and must establish procedures for ensuring employee participation.  Each participant must sign an acknowledgement form that he or she has been briefed, has received a copy of the checklist, and understands the material covered.  The form must also indicate topics covered during the refresher briefing.

12 FAM 424.9  (U) Security Incident Program Briefings

(CT:DS-367;   09-15-2021)

a. (U) The RSO or PSO must brief all U.S. Government personnel under COM security responsibility upon their arrival on the safeguarding of classified and sensitive information.  This briefing underscores the importance of properly handling classified material and helps to prevent security incidents.  National security-cleared EFMs, local hires and interns who have not received clearance prior to arriving at post, must read and sign form SF-312, Classified Information Nondisclosure Agreement, after receiving this briefing and before gaining access to classified information.  The RSO or PSO must retain the form at post.

b. (U) RSOs and PSOs must also brief each employee who receives a security incident report, and sign as a witness to the employee’s signature acknowledging receipt of the notification packet.  The briefing must include the reason for the incident report, corrective steps and the type of disciplinary action the employee may receive for further infractions or violations (see 12 FAM 557).

12 FAM 424.10  (U) Special Travel Briefings

(CT:DS-367;   09-15-2021)

(U) Special travel briefings cover the counterintelligence regulations pertaining to employee travel to critical HUMINT threat posts (see 12 FAM 264).

12 FAM 424.11  (U) Departure Debriefings

(CT:DS-367;   09-15-2021)

a. (U) The RSO or PSO is required to have an exit interview with all U.S. Direct Hire personnel and LE Staff before their permanent departure from post.  The RSO or PSO must interview separately each departing employee and give him or her opportunity to comment on any aspect of the post security program including:

(1)  (U) Any significant contacts with foreign nationals of designated countries;

(2)  (U) International travel during their tour of duty; and

(3)  (U) Any security problems encountered.

b. (U) RSO or PSO must debrief these personnel upon termination of post employment, document the debriefing on the SF-312and retain the form at post.

c.  (U) The RSO or PSO must make a record of the exit interview, including any security-related comments received from the employee, and maintain such records in the post security office files.

12 FAM 424.12  (U) Separating Employees

(CT:DS-367;   09-15-2021)

a. (U) In accordance with 5 FAM 414.7, the RSO or PSO must give a security debriefing to personnel terminating their employment abroad and not returning to the United States, or who will otherwise be separated for a continuous period of 60 days or more.  The debriefing is mandatory to ensure that separating personnel are aware of the requirement to return all classified material and of a continuing responsibility to safeguard their knowledge of any classified information.

b. (U) For security purposes, the employee must also sign the security debriefing acknowledgement section of the SF-312 Nondisclosure Agreement form found in the employee's eOPF.  RSOs and PSOs must forward the completed SF-312 to the Bureau of Global Talent Management, Records and Information Management Division (GTM/EX/RIM).

12 FAM 425  (U) RSO Reporting to DS Headquarters

12 FAM 425.1  Security Incidents Affecting COM Interests

(CT:DS-367;   09-15-2021)

a. (U) DS personnel and others with security responsibilities must immediately report all incidents (such as threats and attacks, actual or possible demonstrations affecting U.S. interests, planned or actual kidnappings of U.S. Government personnel, significant residential security incidents (e.g. burglaries, break-ins) or other issues affecting the security of the U.S. mission) to DS/IP or DS/HTP, as assigned, and to the DS Command Center.  PSOs should report to the responsible RSO.

b. (U) For significant incidents, the DS Command Center serves as a central point for receiving and disseminating information.

12 FAM 425.1-1  (U) Spot Report

(CT:DS-367;   09-15-2021)

(U) For significant incidents at post, RSOs and PSOs should notify the DS Command Center by telephone and then via email to report any significant events occurring at post.  When the situation allows, RSOs and PSOs should make every effort to report the event via the Spot Reporting Tool, as the most appropriate means for reporting preliminary information.  The DS Command Center will then notify DS/IP or DS/HTP, any relevant supporting offices, and DS Senior Leadership on behalf of the RSO or PSO.

12 FAM 425.1-2  (U) Terrorism Reporting (TERREP)

(CT:DS-367;   09-15-2021)

a. (SBU) Department cables remain the primary method of officially reporting threat and security-related information.  All terrorism-related information must be reported via a TERREP cable (a listed ‘caption’ in SMART) as soon as possible.  This includes: all terrorism-related threats to personnel under COM security responsibility, to include local staff; all terrorist threats or attacks against U.S. and Western interests; surveillance incidents involving likely terrorist activity or nexus to known terrorists; and any other terrorism-related activity that impacts the local security environment even if it does not involve a specific threat to U.S. interests.

b. (SBU) TERREP messages must either be classified or, if unclassified, include the SENSITIVE caption.  The TERREP cable has a wide distribution across the interagency community.  Employees should NEVER use DS Channel or DSX Channel to report threat information.  When reporting TERREP information, NEVER use the “Addressee Only” option (in the “SMART Options” tab when drafting a cable).  Additionally, do NOT enter free-form addresses in the “Message Addressing” dialogue box (commonly known as the “Pass Line” expandable under the “SMART Options” tab when drafting a cable).  Should the TERREP cable contain PII, please uncheck the “Addressee Only” box before sending.  Detailed instructions on TERREP reporting, and a template, can be found on the CLAN RSO SMC.  Failure to follow these specific TERREP procedures will result in the cable not being properly distributed within the interagency

12 FAM 425.1-3  (U) Security Incident Management Analysis System (SIMAS)

(CT:DS-367;   09-15-2021)

a. (SBU) SIMAS II is a web-based software application designed to serve as the central repository for information collected by DS’ worldwide surveillance detection program and other RSO staff.  It is used to document all surveillance, suspicious incidents, unmanned aerial systems sightings, acts of terrorism, demonstrations, and crime occurring at and around U.S. Government facilities overseas.  Refer to 12 FAM 482.3 for examples of hostile activity requiring a SIMAS II entry.

b. (SBU)  All suspicious incident reports must be entered into SIMAS II within 24 hours of collection and must be evaluated within 72 hours by the RSO, who will assign the report a priority level as follows:

(1)  (U) High:  Indicators of hostile surveillance and/or a significant event impacting mission operations or security;

(2)  (U) Medium:  Incidents that constitute indicators of suspicious activity; and

(3)  (U) Low:  Incidents described as benign following interdiction and/or investigation.

c.  (SBU) Acts of crime requiring a SIMAS II entry include incidents directed against COM personnel, as well as significant acts against non-COM American citizens or expatriates who reside near and/or occupy a similar "footprint" as the COM community. 

d. (SBU) All demonstrations occurring at or near a U.S. Government facility must be documented with a SIMAS II entry.  An entry is mandatory prior to a demonstration if the RSO has advance knowledge of the event or at the conclusion of the demonstration if it was unforeseen.

e. (SBU) A SIMAS II entry does not automatically require a subsequent Spot Report unless the incident or event is significant and/or meets the criteria in 12 FAM 425.1-1.  Submission of a Spot Report regarding an incident or event does not negate the requirement for a SIMAS II entry.  Events such as suspected or confirmed terrorist surveillance must be reported via each of the three mechanisms identified in 12 FAM 425.1-1, 2, 3 (Spot Reports, TERREP cable, and SIMAS II).

12 FAM 425.1-4  (U) DS and DSX Channels—General Guidance

(CT:DS-367;   09-15-2021)

a. (U) DS channel-captioned messages provide control over communications between DS and the RSO on highly sensitive security matters and must be used only for this purpose.  The strictest need-to-know principle applies to such communications.  The need-to-know principle does not relieve the RSO of the obligation to keep the COM or other responsible officers informed on matters of official interest, relating to personnel or operations of any post, under the authority of the COM.  The COM must be kept fully and currently informed with respect to all activities and operations of the U.S. Government within the country.  Because cable distribution is appropriately restricted to specified DS personnel, sharing such information with the COM should, when possible, be personally conveyed to preclude disclosure to others (see 5 FAH-2 H-443).

b. (U) The DS channel is used for cables between the RSO and DS headquarters concerning:

(1)  (U) Criminal investigations involving U.S. citizens or foreign nationals who are    not U.S. Government employees;

(2)  (U) Special protective equipment (shipment; receipt; maintenance/repairs; HAZMAT resupply; current holdings; etc.); and

(3)  (U) Other sensitive subjects the drafter deems should be restricted to DS personnel at posts or within the Department.

c.  (U) RSOs or PSOs must ensure Information Programs Center (IPC) distribution is in accordance with 5 FAH-2 H-443.  The Executive Director for Diplomatic Security (DS/EX) authorizes access to DS channel message traffic at the DS headquarters level.  This caption may only be used laterally in the field.  ASEC is the only TAGS used on DS channel message traffic.

d. (U) The DSX channel is used for very sensitive information cables between RSOs and DS headquarters concerning criminal and special investigations.

e. (U) RSOs must ensure IPC distribution is in accordance with 5 FAH-2 H-443.  The DS Domestic Operations Directorate authorizes access to DSX channel message traffic at the headquarters level.  This caption may be used laterally in the field.  ASEC are the only TAGS used on DSX message traffic:

(1)  (U) Overseas:  DSX channel access is limited to the RSO, one special agent back-up (normally the DRSO or senior ARSO) and the ARSO-I.  Access overseas is limited to DS special agents;

(2)  (U) Domestically:  Access and distribution are limited to supervisory personnel in DS investigative offices and to the DS Deputy Assistant Secretaries for DS/IP, DS/HTP, the Directorate for Threat Investigations and Analysis (DS/TIA) and limited numbers of other personnel, as approved by the DSS Director or DS/DO DAS; and

(3)  (U) More information on DSX channel, uses, and access can be found at 5 FAH-2 H-443.

12 FAM 425.1-5  (U) Security Incidents

(CT:DS-367;   09-15-2021)

(U) Security incidents and violations relating to  classified (see 12 FAM 550) and unclassified information (see 12 FAM 590) must be reported within 24 hours of discovery to the Program Applications Division (DS/IS/APD).  Reporting a possible or actual compromise of classified information must be submitted directly via the Investigative Management System (IMS).

(1)  (U) Upload form OF-117, Notice of Security Incident, as it is received or initiated, and form OF-118, Record of Incident, in IMS as soon as it is fully processed by DS/IS/APD.  The RSO or PSO must inform DS/IS/APD if the form OF-118 completion date is expected to occur more than 30 days from the date of the incident (12 FAM 553); and

(2)  (U) Cable reporting is not acceptable.  RSOs should retain the original forms at post as a record subject to potential  OIG inspection  for three years. Do not forward hardcopy documents via diplomatic pouch to DS/IS/APD.

b. (U) All reports must be submitted via IMS.  Refer to the DS/IS/APD Web site for detailed instructions regarding processing security incidents.

12 FAM 425.1-6  (U) Diplomatic Security Operations Cables (PDSO)

(CT:DS-367;   09-15-2021)

(U) Diplomatic Security personnel are encouraged to report information that may be of value to the Department and the interagency.  The Diplomatic Security Operations (PDSO) TAG was created for these reports.  The PDSO TAG is used for cables between the RSO and DS headquarters concerning:

(1)  (U) Information on the security situation in the relevant geographic region that is not contained in other cables, and

(2)  (U) Is outlined as relevant in 19 STATE 23203 and 21 STATE 4501.

b. (U) PDSO cables should either be classified or, if unclassified, include the SENSITIVE caption. The PDSO cable has a wide distribution across the interagency community.

12 FAM 425.2  (U) RSO Staffing Gaps and Requesting TDY Support

(CT:DS-367;   09-15-2021)

a. (U) Posts are encouraged to identify breaks in security personnel staffing that may require temporary duty (TDY) coverage.  Posts must direct their requests for TDY security personnel to DS/IP/RD or DS/HTP/RD via the TDY Support Request Form within RSO Tools.  RSOs must report any planned or emergency absences to their respective DS/IP or DS/HTP regional director as soon as possible.

b. (U) DS/IP and DS/HTP do NOT provide TDY RSO support for RSO personnel who need to take home leave, military leave, annual leave, family leave, medical/sick leave, or R&R.  Exceptions to this policy are considered solely on a case-by-case basis for posts experiencing unique and ongoing hardships/circumstances and unanticipated emergencies or contingency situations.

c.  (U) DS may, on a case-by-case basis, consider TDY RSO support to cover gaps in excess of 30 days if:

(1)  (U) An unmanageable staffing gap emerges in connection with a permanent change of station (PCS) transfer to a priority staffing post (PSP);

(2)  (U) Prolonged medical leave is required;

(3)  (U) There is no other DS special agent or trained PSO at post.  SSM directly support the OBO and should not serve as a back-up RSO;

(4)  (U) There are current, significant, and ongoing threats or crime conditions at post;

(5)  (U) The request is received with sufficient lead time to permit an orderly selection and briefing of the TDY replacement; and

(6)  (U) Sufficient funding for the TDY RSO is available.

d. (U) DS/IP or DS/HTP must notify the Counterintelligence Division (DS/ICI/CI) of significant breaks in security personnel staffing at critical human intelligence (HUMINT) threat posts, and coordinate requests for TDY support from those posts with DS/ICI/CI (see 1 FAM 260).

e. (U) ARSO-Is should be tasked with serving as the acting RSO as a last resort, and only after the approval from DS/INV/OCI and CA/FPP.  DS/INV/OCI and CA/FPP will evaluate such requests on a case-by-case basis, and only after verifying with DS/IP or DS/HTP that the commitment is not open ended.


(CT:DS-399;   03-01-2023)

a. (U) RSOs are responsible for completing and transmitting the following reports to respective program offices no later than the due date listed in the DS Security Management Console (SMC):

(1)  (U) Overseas Security Advisory Council (OSAC) Country Security Reports (CSRs), with annual update deadlines established individually for each post, and periodic updates based on changes in security environment (DS/DSS/OSAC);

(2)  (U) OSAC Country Chapter Assessment Survey (DS/DSS/OSAC);

(3)  (U) Revised reporting requirements for DS special agent investigators:  Monthly Status Report (MSR); OCI Activity Reports (OARs) ; Post Transition Report (PTR); reported via DS/DO/OCI’s SharePoint site;

(4)  (U) Annual CIWG meetings and report (medium and low); or semi-Annual CIWG meeting and report (critical and high) (DS/ICI/CI).  Reported via cable and uploaded to CLAN RSO SMC;

(5)  (U) Annual Major Events Coordination Unit (MECU) Survey for International Special Security Event Nominations (DS/DO/P/DP-ME);

(6)  (U) Annual Fourth of July Function Security Report (DS/IP/RD or DS/HTP/RD);

(7)  (U) RSO Transition Report (DS/IP/RD or DS/HTP/RD) reported via RSO Tools;

(8)  (U)  Annual Holiday Security Planning Report (DS/IP/RD or DS/HTP/RD);

(9)  (U) Election Security Report (DS/IP/RD or DS/HTP/RD), as needed;

(10) (U) Annual EAC review of COM Security Detail; and EAC review of COM detail within 30 days of arrival of new COM (DS/IP/OPO).  Reported via EAC cable;

(11) (U) Annual Marine Security Guard (MSG) Ball report (DS/OPO/FPD) reported via RSO Tools;

(12) (U) Marine Security Guard (MSG) drills (DS/OPO/FPD) reported via RSO Tools;

(13) (U) Annual Review of Department of Defense Annex A and Annex B Personnel (DS/HTP/SP).  Reported via cable;

(14) (U) Post Drills coordinated by RSO.  Reported via the Post Emergency Guidance and Authoring System (PEGASYS) (DS/HTP/SP);

(15) (U) Physical Security surveys.  Reported via DS/PSP/PCD CLAN Physical Security Survey tool (DS/C/PSP);

(16) (U) Annual Residential Security Program report (DS/PSP/PCD);

(17) (U) Defensive Equipment Inventory (DS/PSP/DEAV) including Special Protective Equipment, Personal Protective Equipment, HAZMAT and other OSPB inventory per 19 STATE 43201.;

(18) (U) Annual EAC Review of Armored Vehicle Program (DS/PSP/DEAV).  Reported via cable and AV EAC Tracker in SMC; and

(19) (U) Local Checks Feasibility report (DS/SI/PSS).

b. (U) Visit the RSO SMC for updated guidance related to reporting mechanisms.

c.  (U) All requests for travel funding and gratuities must be entered in RSO Tools on an as needed basis.

d. (U) Constituent Post Trip Reports must be transmitted to the respective Office of Regional Directors via RSO Tools.  Constituent post travel is defined as any travel for the purpose of providing oversight of ancillary facilities by monitoring or inspecting security programs.

e. (U) All RSOs, DRSOs and ARSOs are required to report all personal and official travel to DS/IP/RD or DS/HTP/RD, as assigned via the DS Travel Locator located on the RSO SMC.


12 FAM 426.1  (U) Purpose

(CT:DS-367;   09-15-2021)

a. (U) In accordance with chief of mission (COM) responsibilities under relevant U.S. laws and Presidential Directives, the purpose of the Law Enforcement Working Group (LEWG) is to provide the COM and/or their designee with necessary information and expertise on law enforcement operations, to include operations involving armed law enforcement personnel. Additionally, the LEWG is a forum to discuss law enforcement assistance programs so that the COM can ensure activities are properly coordinated and deconflicted.  In support of the COM, the LEWG will:

(1)  (U) Keep the COM fully informed of current and planned U.S. law enforcement operations to include those involving armed law enforcement personnel, law enforcement assistance programs and key host government law enforcement issues;

(2)  (U) Constitute the primary forum at post to coordinate U.S. law enforcement operations and law enforcement assistance programs under COM authority;

(3)  (U) Assess threats and risks to U.S. law enforcement and other personnel implementing law enforcement operations and law enforcement assistance programs and programs in country; and

(4)  (U) Pursuant to 22 U.S.C. 2291(c), on request, provide advice to the COM on action related to requests by U.S. Government law enforcement personnel to be present at foreign law enforcement actions.

b. (U) For the purpose of this section, law enforcement assistance programs include bilateral or multilateral foreign assistance programs where the intended beneficiary is a host nation law enforcement unit authorized to use force for mission accomplishment.

c.  U.S. national security intelligence activities are not part of, nor intended to be included in, the LEWG function.

12 FAM 426.2  (U) Composition of the LEWG

(CT:DS-367;   09-15-2021)

a. (U) The LEWG shall consist of representatives from all sections or agencies that implement and/or support law enforcement operations and/or law enforcement assistance programs in the COM’s area of responsibility.  LEWG membership will vary from post to post based on the agencies represented at post. 

(1)  (U) Chair: The COM will chair the LEWG or delegate chair responsibilities to the deputy chief of mission (DCM); and

(2)  (U) As the principal law enforcement and security advisor to the COM, post's RSO will serve as the LEWG coordinator.  If there is no RSO at post, the RSO with regional responsibility must include issues for constituent posts in their LEWG.

b. (U) LEWG Participation:

(1)  (U) Officers representing each law enforcement agency at post shall participate  in the LEWG.  For sections that have more than one sworn law enforcement officer, the chair will determine the number of representatives on the LEWG from each office based on recommendations from the senior law enforcement officer from each section or agency and post’s priorities;

(2)  (U) Representatives from post’s sections or agencies engaged in law enforcement or other applicable law enforcement assistance programs shall participate in the LEWG.  The chair will determine the number of representatives from each office based on recommendations from the senior office representative and post’s priorities;

(3)  (U) When consistent with applicable legal authorities, the chair may authorize limited or expanded participation based on the topics scheduled to be discussed;

(4)  (U)The chair may authorize participation of other U.S. Government personnel not under COM authority if responsibilities of those personnel impact or overlap with the COM’s law enforcement responsibilities;

(5)  (U) U.S. Missions to International Organizations:  Generally, COMs representing the United States at International Organizations (IO) overseas do not oversee law enforcement operations or programs that are independent of a bilateral COM.  As a result, LEWGs are not required at U.S. missions to IOs;

(6)  (U) LEWG Subgroups:  Based on recommendations from LEWG members, the chair may authorize the convening of subgroups to address sensitive or specific topics that require the participation of a subset of LEWG members.  LEWG subgroups may include:

(a)  (U) A subgroup consisting of only those persons authorized to have access to law enforcement sensitive (LES) information may be convened for the purpose of discussing LES information;

(b)  (U) A subgroup convened with relevant operational and programmatic offices to coordinate operational and/or programmatic overlap when necessary.  Offices with operational responsibility should participate in any discussion that takes place regarding the operation; and

(c)  (U) A subgroup to discuss and deconflict law enforcement assistance programs and initiatives.  As appropriate, including assistance providers in meetings related to operations helps the assistance providers better understand the needs and capabilities of host nation law enforcement counterparts to improve assistance program design and implementation.

c.  (U) Frequency:  The chair will determine the frequency of LEWG meetings based upon the requirements of the particular post.  In addition to LEWG meetings set by the chair, the LEWG must convene in the following circumstances:

(1)  (U) On an annual basis to establish LEWG membership, review ongoing operations, and schedule LEWG meetings as needed; post must transmit a cable stating that this requirement has been fulfilled (see 12 FAM 426.5); and

(2)  (U) Prior to the COM’s approval of a specific law enforcement activity or series of activities that could affect COM foreign policy objectives, post security operations, or potentially interfere with other law enforcement activity.

d. (U) Exceptions: Certain sensitive information, including but not limited to compartmented information, time-sensitive information (e.g., lures, provisional arrest requests), or information that presents a conflict of interest to certain members of the LEWG, may be briefed directly to the COM.

12 FAM 426.3  (U) Responsibilities of the LEWG

(CT:DS-399;   03-01-2023)

a. (U) Responsibilities of the LEWG include, but are not limited to:

(1)  (U) Assessing threats and risks to the health, safety, and security of U.S. law enforcement personnel under COM security responsibility undertaking operations or law enforcement liaison activity in country;

(2)  (U) Reviewing operational plans, including plans related to U.S. participation in foreign police activities where U.S. direct-hire or contracted personnel may serve as advisors or mentors.  At a minimum, operational plans must address potential use of force, after action reporting, post incident reporting procedures, weapons use and carry, host nation consent, medical, legal and diplomatic immunity issues;

(3)  (U) Pursuant to 22 U.S.C. 2291(c), on request, providing advice to the COM on action related to requests by U.S. Government direct hire or contracted personnel to be present at foreign law enforcement actions;

(4)  (U) Assessing the host government's law enforcement capabilities, willingness, and limitations;

(5)  (U) Using the above assessments to ensure that post speaks with a consistent voice to the U.S.-based law enforcement community and to address agency specific reporting requirements, as well as to inform RSO briefings to U.S. embassy or consulate staff on interactions with host nation law enforcement, consular and duty officer interactions with host nation law enforcement, and agency specific briefings to incoming law enforcement personnel;

(6)  (U) Ensuring agency-specific operations do not conflict with other U.S. law enforcement operations, and that the COM is fully informed of the nature of all operations, safety of personnel--including but not limited to those under COM security responsibility--, the potential for the use of force, medical contingencies, risks, goals, opportunities, and diplomatic immunity status of participating U.S. personnel or contract personnel conducting U.S. Government executive branch activities under COM authority;

(7)  (U) De-conflicting investigative or operational overlap at post between different U.S. agencies so the U.S. Government speaks with a single voice, and agency requirements are met to the maximum extent feasible;

(8)  (U) In countries that receive law enforcement assistance, assessing the strengths, weaknesses, and needs of foreign law enforcement partners, and their ability to make effective use of U.S. assistance;

(9)  (U) Ensuring that law enforcement assistance programs are complementary, taking into account Mission-wide priorities for the law enforcement sector;

(10) (U) Ensuring that security and law enforcement sector foreign assistance is consistent with the goals and objectives articulated in the Integrated Country Strategy and other regional and topical Administration strategies, as well as providing the foreign assistance team with expertise from U.S. law enforcement representatives at post; and

(11) (U) Coordinating and sharing information related to law enforcement and related law enforcement assistance programs to maximize the alignment and impact of U.S. foreign assistance resources.

b. (U) LEWG responsibilities should not duplicate or replace functions of the Emergency Action Committee, Counterintelligence Working Group, or any other post working group or committee on which LEWG members may also participate.

12 FAM 426.4  (U) LEWG at Constituent Posts

(CT:DS-367;   09-15-2021)

a. (U) The COM must determine if separate LEWGs will be established at constituent posts or if constituent post participants will be integrated into the mission LEWG.  This decision should be based on factors that are specific to the constituent post, including:

(1)  (U) RSO staffing;

(2)  (U) Number of law enforcement agencies;

(3)  (U) Frequency of law enforcement operations;

(4)  (U) Number of law enforcement assistance programs;

(5)  (U) Potential for law enforcement operations or assistance programs; and

(6)  (U) Feasibility of communication (i.e., secure video teleconferencing, distance between posts, etc.).

b. (U) If the COM determines that a separate LEWG at a constituent post is warranted, the COM must designate the principal officer (PO) of the constituent post as the chair in writing and delegate appropriate authority to the PO to lead the LEWG.  If a particular activity at the constituent post involves extraordinarily sensitive information that the agency involved believes should not be shared with the PO, the agency may request the activity be referred to the COM-chaired LEWG.

c.  (U) Senior RSOs who cover constituent posts or multiple missions must formally notify their respective Office of Regional Directors in the International Programs (DS/IP) or the High Threat Programs (DS/HTP) directorates of the COM’s decision regarding all post LEWG arrangements via cable.  The Senior RSO at the Mission is responsible for transmitting the LEWG cable (see 12 FAM 426.5 Reporting Requirements).

d. (U) If a constituent post has a separate LEWG, the COM may require joint meetings of all LEWGs at the Mission.  Additionally, the COM or respective LEWG chairs may allow cross-participation of LEWG members throughout the Mission. 

e. (U) LEWG coordinators for the main and constituent LEWGs should coordinate agendas for their respective LEWGs and, to the extent permissible by law, keep one another informed of actions and decisions that affect the other.  All disagreements must be immediately raised to the respective chairs for resolution.  If the chairs cannot reach resolution, the COM must resolve the disagreement.

12 FAM 426.5  (U) LEWG Reporting Requirements

(CT:DS-367;   09-15-2021)

a. (U) The RSO will send an annual cable that will include the following: a summary of the composition of the LEWG; meeting frequency; and confirmation that the LEWG has reviewed this FAM and understands its mission and purpose.  In instances where an RSO covers multiple constituent posts or multiple missions, the Senior RSO is responsible for transmitting this cable.

b. (U) The cable must not include any specifics on law enforcement operations or LEWG discussion topics.

c. (U) RSOs should refer to the RSO SMC for drafting assistance.  Please contact your respective DS/IP or DS/HTP desk officer with any questions.