Legal Status
This site displays a prototype of a “Web 2.0” version of the daily Federal Register. It is not an official legal edition of the Federal Register, and does not replace the official print version or the official electronic version on GPO’s govinfo.gov.
The documents posted on this site are XML renditions of published Federal Register documents. Each document posted on the site includes a link to the corresponding official PDF file on govinfo.gov. This prototype edition of the daily Federal Register on FederalRegister.gov will remain an unofficial informational resource until the Administrative Committee of the Federal Register (ACFR) issues a regulation granting it official legal status. For complete information about, and access to, our official publications and services, go to About the Federal Register on NARA's archives.gov.
The OFR/GPO partnership is committed to presenting accurate and reliable regulatory information on FederalRegister.gov with the objective of establishing the XML-based Federal Register as an ACFR-sanctioned publication in the future. While every effort has been made to ensure that the material on FederalRegister.gov is accurately displayed, consistent with the official SGML-based PDF version on govinfo.gov, those relying on it for legal research should verify their results against an official edition of the Federal Register. Until the ACFR grants it official status, the XML rendition of the daily Federal Register on FederalRegister.gov does not provide legal notice to the public or judicial notice to the courts.
Legal Status
Rule
National Industrial Security Program Directive No. 1
A Rule by the Information Security Oversight Office on 04/10/2006
Document Details
Information about this document as published in the Federal Register.
- Printed version:
- Publication Date:
- 04/10/2006
- Agencies:
- Information Security Oversight Office
- Dates:
- May 10, 2006.
- Effective Date:
- 05/10/2006
- Document Type:
- Rule
- Document Citation:
- 71 FR 18007
- Page:
- 18007-18008 (2 pages)
- CFR:
- 32 CFR 2004
- RIN:
- 3095-AB34
- Document Number:
- 06-3383
Document Details
Document Statistics
- Page views:
- 141
- as of 02/26/2021 at 10:15 pm EST
Document Statistics
Published Document
This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.
Published Document
-
Enhanced Content - Table of Contents
This table of contents is a navigational tool, processed from the headings within the legal text of Federal Register documents. This repetition of headings to form internal navigation links has no substantive legal effect.
- AGENCY:
- ACTION:
- SUMMARY:
- DATED:
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- List of Subjects in 32 CFR Part 2004
- PART 2004—NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1
- Subpart A—Implementation and Oversight
- Subpart B—Operations
- Subpart A—Implementation and Oversight
- Subpart B—Operations
- Footnotes
Enhanced Content - Table of Contents
-
Enhanced Content - Submit Public Comment
- This feature is not available for this document.
Enhanced Content - Submit Public Comment
-
Enhanced Content - Read Public Comments
- This feature is not available for this document.
Enhanced Content - Read Public Comments
-
Enhanced Content - Sharing
- Shorter Document URL
- https://www.federalregister.gov/d/06-3383
Enhanced Content - Sharing
-
Enhanced Content - Document Tools
These tools are designed to help you understand the official document better and aid in comparing the online edition to the print edition.
-
These markup elements allow the user to see how the document follows the Document Drafting Handbook that agencies use to create their documents. These can be useful for better understanding how a document is structured but are not part of the published document itself.
Display Non-Printed Markup Elements
Enhanced Content - Document Tools
-
-
Enhanced Content - Developer Tools
This document is available in the following developer friendly formats:
- JSON: Normalized attributes and metadata
- XML: Original full text XML
- MODS: Government Publishing Office metadata
More information and documentation can be found in our developer tools pages.
Enhanced Content - Developer Tools
Published Document
This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.
AGENCY:
Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA).
ACTION:
Final rule.
SUMMARY:
The Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA), is publishing this Directive pursuant to section 102(b)(1) of Executive Order 12829, as amended, relating to the National Industrial Security Program. This order establishes a National Industrial Security Program (NISP) to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Redundant, overlapping, or unnecessary requirements impede those interests. Therefore, the NISP serves as the single, integrated, cohesive industrial security program to protect classified information and to preserve our Nation's economic and technological interests. This Directive sets forth guidance to agencies to set uniform standards throughout the NISP that promote these objectives.
DATED:
Effective Date: May 10, 2006.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
J. William Leonard, Director, ISOO, at 202-357-5250.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
The proposed rule was published in the January 27, 2006, Federal Register (71 FR 4541) for a 45-day public comment period. NARA received no comments on the proposed rule. The final rule is published without change.
This final rule is being issued pursuant to the provisions of section 102(b)(1) of Executive Order 12829, January 6, 2003 (58 FR 3479), as amended by Executive Order 12885, December 14, 1993, (58 FR 65863). The purpose of this Directive is to assist in implementing the Order; users of the Directive shall refer concurrently to that Order for guidance. As of November 17, 1995, ISOO became a part of NARA. The drafting, coordination, and issuance of this Directive fulfills one of the responsibilities of the implementation delegated to the ISOO Director. ISOO maintains oversight over Executive Order 12958, as amended, and policy oversight over Executive Order 12829, as amended. Nothing in this directive shall be construed to supersede the authority of the Secretary of Energy or the Nuclear Regulatory Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C. 2011 et seq.), or the authority of the Director of Central Intelligence under the National Security Act of 1947, as amended, or Executive Order No. 12333 of December 8, 1981, or the authority of the Director of National Intelligence under the Intelligence Reform and Terrorism Prevention Act of 2004. Requirements of the latter Act will necessitate additional future changes to Executive Order 12829 and this implementing Directive. The interpretive guidance contained in this rule will assist agencies in implementing Executive Order 12829, as amended.
This rule is not a significant regulatory action for the purposes of Executive Order 12866. The rule is not a major rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency Rulemaking. As required by the Regulatory Flexibility Act, we certify that this rule will not have a significant impact on a substantial number of small entities because it applies only to Federal agencies.
Start List of SubjectsList of Subjects in 32 CFR Part 2004
End List of Subjects Start Amendment Part1. For the reasons set forth in the preamble, NARA amends Title 32 of the Code of Federal Regulations to add part 2004 as follows:
End Amendment Part Start PartPART 2004—NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1
- 2004.10
- Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)].
- 2004.11
- Agency Implementing Regulations, Internal Rules, or Guidelines [102(b)(3)].
- 2004.12
- Reviews by ISOO [102(b)(4)].
- 2004.20
- National Industrial Security Program Operating Manual (NISPOM) [201(a)].
- 2004.21
- Protection of Classified Information [201(e)].
- 2004.22
- Operational Responsibilities [202(a)].
- 2004.23
- Cost Reports [203(d)].
- 2004.24
- Definitions.
Authority: Section 102(b)(1) of Executive Order 12829, January 6, 2003, 58 FR 3479, as amended by Executive Order 12885, December 14, 1993, 58 FR 65863.
End AuthoritySubpart A—Implementation and Oversight
The Director ISOO shall:
(a) Implement EO 12829, as amended.
(b) Ensure that the NISP is operated as a single, integrated program across the Executive Branch of the Federal Government; i.e., that the Executive Branch departments and agencies adhere to NISP principles.
(c) Ensure that each contractor's implementation of the NISP is overseen by a single Cognizant Security Authority (CSA), based on a preponderance of classified contracts per agreement by the CSAs.
(d) Ensure that all Executive Branch departments and agencies that contract for classified work have included the Security Requirements clause, 52.204-2, from the Federal Acquisition Regulation (FAR), or an equivalent clause, in such contract.
(e) Ensure that those Executive Branch departments and agencies for which the Department of Defense (DoD) serves as the CSA have entered into agreements with the DoD that establish the terms of the Secretary's responsibilities on behalf of those agency heads.
(a) Reviews and Updates. All implementing regulations, internal Start Printed Page 18008rules, or guidelines that pertain to the NISP shall be reviewed and updated by the originating agency, as circumstances require. If a change in national policy necessitates a change in agency implementing regulations, internal rules, or guidelines that pertain to the NISP, the agency shall promptly issue revisions.
(b) Reviews by ISOO. The Director, ISOO, shall review agency implementing regulations, internal rules, or guidelines, as necessary, to ensure consistency with NISP policies and procedures. Such reviews should normally occur during routine oversight visits, when there is indication of a problem that comes to the attention of the Director, ISOO, or after a change in national policy that impacts such regulations, rules, or guidelines. The Director, ISOO, shall provide findings from such reviews to the responsible department or agency.
The Director, ISOO, shall fulfill his monitoring role based, in part, on information received from NISP Policy Advisory Committee (NISPPAC) members, from on-site reviews that ISOO conducts under the authority of EO 12829, as amended, and from complaints and suggestions from persons within or outside the Government. Findings shall be reported to the responsible department or agency.
Subpart B—Operations
(a) The NISPOM applies to release of classified information during all phases of the contracting process.
(b) As a general rule, procedures for safeguarding classified information by contractors and recommendations for changes shall be addressed through the NISPOM coordination process that shall be facilitated by the Executive Agent. The Executive Agent shall address NISPOM issues that surface from industry, Executive Branch departments and agencies, or the NISPPAC. When consensus cannot be achieved through the NISPOM coordination process, the issue shall be raised to the NSC for resolution.
Procedures for the safeguarding of classified information by contractors are promulgated in the NISPOM. DoD, as the Executive Agent, shall use standards applicable to agencies as the basis for the requirements, restrictions, and safeguards contained in the NISPOM; however, the NISPOM requirements may be designed to accommodate as necessary the unique circumstances of industry. Any issue pertaining to deviation of industry requirements in the NISPOM from the standards applicable to agencies shall be addressed through the NISPOM coordination process.
(a) Designation of Cognizant Security Authority (CSA). The CSA for a contractor shall be determined by the preponderance of classified contract activity per agreement by the CSAs. The responsible CSA shall conduct oversight inspections of contractor security programs and provide other support services to contractors as necessary to ensure compliance with the NISPOM and that contractors are protecting classified information as required. DoD, as Executive Agent, shall serve as the CSA for all Executive Branch departments and agencies that are not a designated CSA. As such, DoD shall:
(1) Provide training to industry to ensure that industry understands the responsibilities associated with protecting classified information.
(2) Validate the need for contractor access to classified information, shall establish a system to request personnel security investigations for contractor personnel, and shall ensure adequate funding for investigations of those contractors under Department of Defense cognizance.
(3) Maintain a system of eligibility and access determinations of contractor personnel.
(b) General Responsibilities. Executive Branch departments and agencies that issue contracts requiring industry to have access to classified information and are not a designated CSA shall:
(1) Include the Security Requirements clause, 52.204-2, from the FAR in such contracts;
(2) Incorporate a Contract Security Classification Specification (DD 254) into the contracts in accordance with the FAR subpart 4.4;
(3) Sign agreements with the Department of Defense as the Executive Agent for industrial security services; and,
(4) Ensure applicable department and agency personnel having NISP implementation responsibilities are provided appropriate education and training.
(a) The Executive Branch departments and agencies shall provide information each year to the Director, ISOO, on the costs within the agency associated with implementation of the NISP for the previous year.
(b) The DoD as the Executive Agent shall develop a cost methodology in coordination with industry to collect the costs incurred by contractors of all Executive Branch departments and agencies to implement the NISP, and shall report those costs to the Director, ISOO, on an annual basis.
(a) “Cognizant Security Agencies (CSAs)” means the Executive Branch departments and agencies authorized in EO 12829, as amended, to establish industrial security programs: The Department of Defense, designated as the Executive Agent; the Department of Energy; the Nuclear Regulatory Commission; and the Central Intelligence Agency.
(b) “Contractor” means any industrial, education, commercial, or other entity, to include licensees or grantees that has been granted access to classified information. Contractor does not include individuals engaged under personal services contracts.
Dated: March 31, 2006.
J. William Leonard,
Director, Information Security Oversight Office.
Approved: March 31, 2006.
Allen Weinstein,
Archivist of the United States.
Footnotes
1. Bracketed references pertain to related sections of Executive Order 12829, as amended by E.O. 12885.
Back to Citation[FR Doc. 06-3383 Filed 4-7-06; 8:45 am]
BILLING CODE 7515-01-P