04-04 SOW Attachment 04 - Sensitive Infrastructure Data Classification Memo.pdf


Original Source
Contract Opportunity
Date Originally Posted
April 19, 2022, 11:56 a.m.
Profiled People



Department of
Veterans Affairs


NOV O 7 2018


From: Deputy Under Secretary for Health for Operations and Management (1 ON)


Sensitive Infrastructure Data Classification - For Official Use Only (FOUO)

Veterans Integrated Service Network Directors (10N1-23)

1. This memorandum describes Veterans Health Administration's direction to protect
sensitive infrastructure information, including building drawings and related data, for
VHA-controlled space. VHA-controlled space includes owned, leased , and delegated
Federal facilities. All information determined to be sensitive shall be marked and
managed as FOUO in accordance with this memorandum. This applies to the access to
and generation, dissemination, storage, transfer and disposal of all FOUO information
related to VHA-controlled space and to procurements to obtain, alter, or manage space,
either Government-owned or leased, including VHA space that is delegated to other
Federal agencies.

2. Executive Order 13556, signed on November 4, 2010, establishes a program for
managing Controlled Unclassified Information, with the National Archives and Records
Administration (NARA) serving as the executive agent. The Department of Veterans
Affairs is in the process of developing Controlled Unclassified Information (CUI)
standards in conformance with the Executive Order and NARA requirements. In
advance of agency direction regarding the implementation of CUI, this memorandum
specifically identifies and defines sensitive infrastructure information. Due to the
increased use and transfer of electronic media it was determined that advance
clarification of infrastructure data requirements is necessary. Data types that will be
considered sensitive and therefore FOUO is as follows:

a. Facility drawings with technical details (e.g. cross-sections, construction details,

wiring diagrams, etc.) on critical or secure areas.

b. Specifications with information on critical or secure areas, associated functions or


c. Reports or investigations pertaining to facilities management or infrastructure

containing information on critical or secure areas.

d. Facility Operation and Maintenance data (Preventative Maintenance records,
Standard of Procedures. Maintenance and Operation manuals) on critical or
secure areas.


Sensitive Infrastructure Data classification - For Official Use Only (FOUO)

3. Critical or secure areas shall include areas categorized as or like the following, at a

• Pharmacy vault and dispensing area;
• Agent cashier area;
• Police holding cells and weapons vault;
• National Continuity of Operations (COOP) centers as well as COOP facilities at

each VAMC;

• National Emergency Response caches;
• Biological Safety Level - 3 laboratories;
• Security systems (Video Assessment and Surveillance System, Physical Access

Control System, Intrusion Detection System, etc.) and control centers;
Information Technology room design details; and
• Animal research facility or laboratories.

4. If you have any questions, please feel free to contact Mr. Vincent Rizzo, Compliance
Engineer, by phone at (716) 238-5587 or by email at In
addition, please coordinate this guidance with your Network Capital Assets Manager
and Medical Center Chief Engineers.