Operations Security (OPSEC) Program
The Colorado School of Mines Operations Security (OPSEC) Program incorporates the elements outlined below. At the present time, Colorado School of Mines has no facility clearance, manages no research projects classified for national security, and oversees no personnel clearances.
Mines establishes technology control plans (TCP) for all research projects restricted for reasons of export controls or controlled unclassified information. Members assigned to these research teams receive training related to the security measures in their project’s TCP. This training includes the basic concepts of OPSEC awareness.
In accordance with the National Industrial Security Program Operating Manual (NISPOM), Mines has no formal Industrial Security program. The National Operations Security Program was designed to protect classified information or the aggregation of unclassified information that might reveal classified information, per NSDD 298. Mines manages no classified research, but adopts portions of the OPSEC program that are appropriate for the protection of export restricted or controlled unclassified information.
The Information Technology Solutions (ITS) division of the Colorado School of Mines maintains an Information Security (IS) Program under the direction of the Chief Information Officer and Chief Information Security Officer.
The Mines IS Program uses the NIST Cybersecurity Framework to incorporate risk-based management, operational and technical controls into all IT operations. These controls include:
- Policies and procedures that reduce risk.
- Information security plans that document how data is protected in information systems, networks, and facilities.
- Security awareness training related to the risks associated with user activities.
- Security control testing and evaluation including policies, procedures, practices, and security control implementation.
- Processes to identify, evaluate, document, and implement remedial actions based on security control testing.
- Logging security management information, monitoring system logs, detecting security events, incident response, and reporting.
- Internal and external program audits.
Human Resources at Mines screens all new hires for criminal backgrounds. The Global Education Office, in coordination with Research Security and Integrity, screens all visiting scholars for export control restrictions. Students and employees involved in research projects that are restricted for export controls or controlled unclassified information are screened against federal restricted party lists.
The Colorado School of Mines employs a fully sworn law enforcement agency that operates on the campus at all times. The Colorado School of Mines Department of Public Safety works closely with the FBI Joint Terrorism Task Force (JTTF) and all local and state law enforcement agencies. The Colorado School of Mines Department of Public Safety regularly receives and shares timely information regarding potential terrorist activity via the Colorado Information Analysis Center (CIAC).
Program Protection/Technology Control
At Colorado School of Mines, the equivalent of a Program Protection Plan, given that the university hosts no research that is classified for national security, is the Technology Control Plan (TCP). A TCP is established for each project undertaken by Mines’ employees and students that is restricted for export control or controlled unclassified information. A TCP outlines the specific restriction and the protective measures in place to prevent the unauthorized release of controlled items, be they defense articles, technical data, or restricted equipment, materials, software, or technology.
Colorado School of Mines remains committed to tackling some of the most difficult challenges in earth, energy and environment, including finding solutions to groundwater contamination and lowering the risks of small-scale mining.