NISPOM

The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information. The NISP was established in 1993 by Executive Order 12829. The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office (ISOO) is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Defense Counterintelligence and Security Agency (DCSA) administers the NISP on behalf of the Department of Defense and 34 other federal agencies.


NISP Operating Manual (DoD 5220.22-M)

A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information. The current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:

* Chapter 1 – General Provisions and Requirements
* Chapter 2 – Security Clearances
** Section 1 – Facility Clearances
** Section 2 – Personnel Security Clearances
** Section 3 – Foreign Ownership, Control, or Influence (FOCI)
* Chapter 3 – Security Training and Briefings
* Chapter 4 – Classification and Marking
* Chapter 5 – Safeguarding Classified Information
* Chapter 6 – Visits and Meetings
* Chapter 7 – Subcontracting
* Chapter 8 – Information System Security
* Chapter 9 – Special Requirements
** Section 1 – RD and FRD
** Section 2 – DoD Critical Nuclear Weapon Design Information (CNWDI)
** Section 3 – Intelligence Information
** Section 4 – Communication Security (COMSEC)
* Chapter 10 – International Security Requirements
* Chapter 11 – Miscellaneous Information
** Section 1 – TEMPEST
** Section 2 – Defense Technical Information Center (DTIC)
** Section 3 – Independent Research and Development (IR&D) Efforts
* Appendices


Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document). Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service (DSS) provides a ''Clearing and Sanitization Matrix'' (C&SM) which does specify methods. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Unrelated to NISP or NISPOM, the National Institute of Standards and Technology (NIST) Computer Security Division released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, on 18 December 2014 (retrieved from http://csrc.nist.gov/news_events/news_archive/news_archive_2014.html#dec18).


External links


EO-12829 overview ("National Industrial Security Program")

EO-12829 PDF

