National Industrial Security Program Operating Manual

The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information. The NISP was established in 1993 by Executive Order 12829. The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Defense Counterintelligence and Security Agency administers the NISP on behalf of the Department of Defense and 34 other federal agencies.


NISP Operating Manual (DoD 5220.22-M)

A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information. The current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:

* Chapter 1 – General Provisions and Requirements
* Chapter 2 – Security Clearances
** Section 1 – Facility Clearances
** Section 2 – Personnel Security Clearances
** Section 3 – Foreign Ownership, Control, or Influence (FOCI)
* Chapter 3 – Security Training and Briefings
* Chapter 4 – Classification and Marking
* Chapter 5 – Safeguarding Classified Information
* Chapter 6 – Visits and Meetings
* Chapter 7 – Subcontracting
* Chapter 8 – Information System Security
* Chapter 9 – Special Requirements
** Section 1 – RD and FRD
** Section 2 – DoD Critical Nuclear Weapon Design Information (CNWDI)
** Section 3 – Intelligence Information
** Section 4 – Communication Security (COMSEC)
* Chapter 10 – International Security Requirements
* Chapter 11 – Miscellaneous Information
** Section 1 – TEMPEST
** Section 2 – Defense Technical Information Center (DTIC)
** Section 3 – Independent Research and Development (IR&D) Efforts
* Appendices


Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document). Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Unrelated to NISP or NISPOM, the National Institute of Standards and Technology (NIST) Computer Security Division released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, on 18 December 2014. Retrieved from http://csrc.nist.gov/news_events/news_archive/news_archive_2014.html#dec18.


External links


EO-12829 overview ("National Industrial Security Program")

EO-12829 PDF

