Form OSY Form 207.12 OSY Form 207.12 DOC OSY Foreign National Request Form

DOC Foreign National Request
Form A
Instructions (This form must be typed and completed by Departmental Sponsor).
This form is used for investigative purposes, and, once completed and submitted to your Field Servicing Security Office
(FSSO), constitutes your obligation to meet the notification requirements outlined in DAO 207-12, Section 5.06. This
form must be completed for all Foreign National (non-U.S. National) Visitor and Guest requests.

Note: Questions #2, 3, 4, and 6 may be omitted for Lawful Permanent Residents presenting valid alien registration credentials (e.g., Form I-551,
"Green Card"). For a multi-member visitor group, delegation/or conference, use theAppendix (p. 2) to provide or attach required information (#1-7).

Section A.
1. Name: Last

First

Middle

2. Title(s):
3. Date of Birth (MM/DD/YYYY):
4. Gender:

M

5. Contact Email or Phone Number:

F

6. Nationality or Immigration Status:
a. Place of Birth (City/State/Country):
b. Country of Citizenship (List All) or Permanent Residence:
(If lawfully admitted into the U.S. for permanent residence, provide alien registration (i.e., Green Card number))

c. Passport and I-94 Form admission number:
7. Country of Citizenship Sponsoring Organization/Entity:
8. Departmental Sponsor Name and Signature:
(Must be a Federal employee of the Department of Commerce)

9. Sponsor Bureau:

Sponsor Phone Number:

10. Sponsor Email:
11. Facility Number, Name and Address:
City, State and Zip Code:

12. Visit Arrival Date:

Visit Departure Date:

(Per DAO 207-12, the FSSO must be notified about itinerary changes or changes related to the visit)

13. Alternate Point of Contact (name, email, phone):
14. Is this a RENEWAL?

Yes

No

If YES, provide dates of previous visits in Appendix (p. 2).

15. Purpose of Visit: (No acronyms; Be specific (i.e., associated program name, meeting purpose))

1 CONTAINS PII – Send by Secure File Transmission or other approved methods for PII materials.
OSY Form 207-12-A, March 14, 2019
OMB No. 0690-0033 (exp. 04/30/2019)

Name: Last
Visit Arrival Date:

First
Visit Departure Date:

Section B. Appendix. The space below may be used to provide additional visit information or supporting rationale.
Supplemental documentation may be attached, if needed.

Privacy Act Statement:

Authority: The collection of this information is authorized under Department of Commerce (DOC) Departmental Administrative Order (DAO)
207-12, Titled: Foreign Access Management Program; 27 Stat. 395 and 31 Stat. 1039; and all existing, applicable DOC policies, regulations and directives
concerning the tracking, security processing, of Foreign National Visitors and Guests for access to DOC facilities. The foregoing rules are intended to
implement, not to expand upon, the rights granted under the Privacy Act of 1974 (5 U.S.C. § 552a) (Privacy Act).
Purpose: The DOC Foreign Access Management Program is designed to enable the broadest cooperation and collaboration with international partners
while ensuring compliance with all applicable United States (U.S.) laws and regulations through consistent and effective management of physical and
logical access by Foreign Nationals to DOC facilities, resources and activities which are not available to the public. The Foreign Access Management
Program allows individuals not employed by the DOC to have access to DOC facilities, resources and activities under various cooperative, collaborative,
and contractual agreements.
Routine Uses: Information may be shared across DOC Bureaus or Operating Units as necessary, and with the Office of Security, in order to facilitate
physical and logical access to DOC facilities and resources. Disclosure of this information is also permitted under the Privacy Act to be shared among
DOC staff for work-related purposes. Additionally, this information is subject to all of the routine uses identified in the following Privacy Act System of
Records notices: DEPT-13, Investigative and Security Records, COMMERCE/NIST-1, NIST Associates, and DEPT-25, Access Control and Identity
Management System.
Disclosure: Furnishing this information is voluntary; however, failure to provide requested information may result in the denial of physical or logical
access to DOC facilities or resources by the subject individual.

Public Reporting Burden Statement:

This collection of information contains Paperwork Reduction Act (PRA) requirements approved by the Office of Management and Budget (OMB).
Notwithstanding any other provisions of the law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply
with, a collection of information subject to the requirements of the PRA unless that collection of information displays a currently valid OMB control
number. Public reporting burden for this collection is estimated to be 30 minutes per response, including the time for reviewing instructions, searching
existing data sources, gathering and maintaining the data needed and completing and reviewing the collection of information. Send comments
regarding this burden estimate or any aspect of this collection of information, including suggestions for reducing this burden, to the U.S. Department of
Commerce, Office of the Secretary, Office of Security (OS/OSY), 1401 Constitution Ave., NW, Washington, DC 20230.

2

CONTAINS PII – Send by Secure File Transmission or other approved methods for PII materials.

OSY Form 207-12-A, March 14, 2019
OMB No. 0690-0033 (exp. 04/30/2019)

Name: Last
Visit Arrival Date:

First
Visit Departure Date:

DOC Foreign National Request
Form B

Instructions (This form must be typed and completed by Departmental Sponsor (Federal employee only)).
This form supplements DOC Foreign National Request Form A. It is used for investigative purposes, and, once completed
and submitted to your Field Servicing Security Office (FSSO), constitutes your obligation to meet the notification
requirements outlined in DAO 207-12, Section 5.06, for Foreign National (FN) Guests.

Section A. Justification
1. Please define the collaboration, program, or project scope, and expected contributions by the FN Guest. Include
specific detail regarding professional affiliations (contract/organization/government/education), qualifications,
expertise, scope of work, and how this work will further the Department’s mission. The provided justification
must also include how the foreign national visit is in the best interest of the DOC Bureau being visited (no
acronyms).

2. List previous entry dates into the United States within the last 5 years: From:

From:
From:

To:
To:
To:

3. Accounting Code (if required):
Section B. Deemed Export: (To be completed by Departmental Sponsor)
1. Will the FN Guest have access to any classified, export controlled, controlled unclassified, proprietary, or not
intended for public release equipment, information, data, technology, or software? Yes
No
(See 15 C.F.R. § 734.3(b)(3) https://www.bis.doc.gov/index.php/forms-documents/regulations-docs/412-part-734-scope-of-the-exportadministration- regulations)

If YES, written disclosure authorization must be obtained from the owner or originator, requisite exemption applied,
or export license issued by the Bureau of Industry and Security, Department of State, or other regulatory agency prior
to granting access.

2. Was a controlled technology assessment conducted at the site(s) identified to be accessed by the FN Guest?
Yes
No
a. If controlled equipment, information, data, technology, or software is resident, is an inventory and
Access Control or Technology Control Plan on file?
Yes
No
b. If not, describe compensatory measures in place to reduce the risk of unauthorized disclosure of
controlled equipment, information, data, technology, or software pending issuance of the Access
Control or Technology Control Plan:

1

OSY Form 207-12-B, October 17, 2018

Name: Last

First

Visit Arrival Date:

Visit Departure Date:

Section C. Logical Access Requirements: (To be completed by Departmental Sponsor). Complete below to define FN

Guest logical access requirements as basis for Information Technology Security Officer (ITSO) FIPS 199 risk assessment.
Basic logical access may include access to a Bureau email address and standard Bureau unclassified network access. Note:
This form does not replace any other Bureau specific requirements for logical access. FN Guest access to classified/National
Security information is prohibited per CAM 1337.70 (Nov 2015), §3.4.3.

1. Does this FN Guest require basic, on-site logical access?
If NO, completion of this part is not required.

Yes

No

a. Does this FN Guest require remote access? 1 Yes
No
If yes, from what physical location is the FN Guest remoting in from? Home/address?
Has the FN Guest been issued a RSA token or another method of 2FA?
b. Is privileged access required? 2,3,4 If yes, proceed to #2. Yes

No

2. In addition to basic logical access to Bureau email and standard unclassified network access, below is a
description of the additional IT access that the named FN Guest may be granted permission to use. Include the
FIPS 199 security categorization level of the information to be accessed. Security categorization level will be
assigned at the highest level in which access is requested.
Low

Moderate

High

Privileged5

Provide details on any Privileged Access required:2,3,4 Use Appendix (p. 5) to provide or attach additional information.

3. Access end date (one year maximum from approval date)3:

1

See CITR-022, “End User Responsibilities, Commerce Information Technology Requirement” of April 15, 2015 for guidance. (Email
[email protected] for a copy of CITR-022). Remote Access defined per 2014 ITSPP as, “Access to an organizational information
system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet). Remote access
uses telecommunications to enable authorized access to non-public DOC computing services that would otherwise be inaccessible from
work locations outside a DOC LAN or DOC-controlled WAN computing environment. This includes access to non-public DOC IT systems
and data that are exposed to the public Internet (e.g., web access to electronic mail by the home user or business traveler) as well as modem
dial-up and/or Virtual Private Network (VPN) access to internal DOC IT servers and desktop workstations.”
2
Privileged Access defined per 2014 ITSPP as, “Root or Administrator Access.”
3
If privileged access is required, permission must be granted in writing by the system’s Authorizing Official and a Tier 2 Minimum
Background Investigation (5 year U.S. residency) must be successfully completed and adjudicated prior to privileged access being granted.
4
See CITR-026, Privileged Account Management, June 1, 2017. Email [email protected] for a copy.
5
Additional approval from the system’s Authorizing Official will be required for overall FIPS199 security categorizations of
Moderate or High or Privileged.

2

OSY Form 207-12-B, October 17, 2018

Name: Last
Visit Arrival Date:

First
Visit Departure Date:

Section D. Limited Unescorted Access (LUA): (Optional. To be completed by Departmental Sponsor, if required.)
1. Will the FN Guest require LUA to satisfy program or project requirements at any point during the visit
or agreement period?
Yes
No
If YES, provide additional mission-essential justification for the expanded physical and/or logical access including
designation of required facility work space or locations, specified hours, and a favorable adjudication of any implications
upon contiguous work spaces, locations, programs, and associated Access Control or Technology Control Plans. Final
approval is subject to favorable completion of applicable agency checks and related administrative requirements.

3

OSY Form 207-12-B, October 17, 2018

Name: Last

First

Visit Arrival Date:

Visit Departure Date:

Section E. FN Guest Request Certification: Digital or written signatures acceptable.
1. I certify the benefits to be gained from hosting

will further the
Department's mission and is balanced against the need to protect sensitive assets at the Department and the risks associated
with failure to protect these assets. I have signed the DAO 207-12, "Certification of Conditions and Responsibilities for
Departmental Sponsors of Foreign National Guests," and I accept the responsibility for performing the duties set forth in the
DAO in order to manage the risks involved with sponsoring foreign nationals in federal facilities. In this regard, I will take
all reasonable steps to ensure that my Guest will not have unauthorized physical, visual, or logical access to classified,
CUI, export controlled, proprietary, or not-for-public-release data, information, or technology. I acknowledge by signing
below that my FN Guest may not be granted access to classified, CUI, export controlled, proprietary, or not-for-publicrelease data, information, or technology without written authorization from the owner or originator, requisite exemption
applied, or export license issued by the Bureau of Industry and Security, Department of State, or other regulatory agency.

Printed Name of Departmental Sponsor

Signature of Departmental Sponsor

Date

Organization

Printed Name of Escort, if required

Signature of Escort

Date

Organization

Printed Name of Escort #2, if required

Signature of Escort #2

Date

Organization

2. I certify that the FN Guest collaboration defined above remains within the Span of Control of the Departmental Sponsor and
concur that the program/project scope and benefits gained by providing access to Department facilities and resources is
balanced with the need to protect classified, CUI, export controlled, proprietary or not-for-public release data, information
or technology.

Printed Name of Supervisor

Signature of Supervisor

Date

Organization

3. I concur that the FN Guest collaboration defined above and the benefit gained by access to Departmental facilities and

resources is consistent with the need to protect classified, CUI, export controlled, proprietary or not-for-public release data,
information or technology, and the strategic interests of the Department of Commerce.

Printed Name of Senior Bureau Official
(or designated official)

4

OSY Form 207-12-B, October 17, 2018

Signature of Senior Bureau Official
(or designated official)

Date

Organization

Name: Last
Visit Arrival Date:

First
Visit Departure Date:

Section F. FIPS199 Validation: (To be completed by the ITSO upon review of Section C). Digital or written
signatures acceptable.

Based on a review of the requested logical access, the overall risk level for the logical access assigned in Section C
is accurate:

Printed Name of ITSO or Designee

Signature of ITSO or Designee

Date

Organization

If the overall FIPS199 Security Categorization is Moderate or High or Privileged Access is required:

Printed Name of System’s Authorizing Official

Signature of System’s Authorizing Official

Date

Organization

Appendix. The space below may be used to provide additional information or supporting rationale. Supplemental
documentation may be attached, if needed.

5

OSY Form 207-12-B, October 17, 2018