DOD 5220.22-M

The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information. The NISP was established in 1993 by Executive Order 12829. The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Defense Counterintelligence and Security Agency administers the NISP on behalf of the Department of Defense and 34 other federal agencies.


NISP Operating Manual (DoD 5220.22-M)

A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information. The current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:

* Chapter 1 – General Provisions and Requirements
* Chapter 2 – Security Clearances
** Section 1 – Facility Clearances
** Section 2 – Personnel Security Clearances
** Section 3 – Foreign Ownership, Control, or Influence (FOCI)
* Chapter 3 – Security Training and Briefings
* Chapter 4 – Classification and Marking
* Chapter 5 – Safeguarding Classified Information
* Chapter 6 – Visits and Meetings
* Chapter 7 – Subcontracting
* Chapter 8 – Information System Security
* Chapter 9 – Special Requirements
** Section 1 – RD and FRD
** Section 2 – DoD Critical Nuclear Weapon Design Information (CNWDI)
** Section 3 – Intelligence Information
** Section 4 – Communication Security (COMSEC)
* Chapter 10 – International Security Requirements
* Chapter 11 – Miscellaneous Information
** Section 1 – TEMPEST
** Section 2 – Defense Technical Information Center (DTIC)
** Section 3 – Independent Research and Development (IR&D) Efforts
* Appendices


Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document). Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Unrelated to the NISP or NISPOM, the National Institute of Standards and Technology (NIST) Computer Security Division released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, on 18 December 2014. Retrieved from http://csrc.nist.gov/news_events/news_archive/news_archive_2014.html#dec18.


External links


EO-12829 overview ("National Industrial Security Program")

EO-12829 PDF
