§ 159a.92 - Department of Defense.  

(a) Management Responsibility. (1) The DUSD(P) is the Senior DoD Information Security Authority having DoD-wide authority and responsibility to ensure effective and uniform compliance with and implementation of E.O. 12356 and its implementing ISOO Directive No. 1. As such, the DUSD(P) shall have primary responsibility for providing guidance, oversight and approval of policy and procedures governing the DoD Information Security Program. The DUSD(P) or his designee may approve waivers or exceptions to the provisions of this part to the extent such action is consistent with E.O. 12356 and ISOO Directive No. 1.

(2) The heads of DoD Components may approve waivers to the provisions of this part only as specifically provided for herein.

(3) The Director, NSA/Chief, Central Security Service, under 32 CFR part 159, is authorized to impose special requirements with respect to the marking, reproduction, distribution, accounting, and protection of and access to classified cryptologic information. In this regard, the Director, NSA, may approve waivers or exceptions to these special requirements. Except as provided in § 159a.6 the authority to lower any COMSEC security standards rests with the Secretary of Defense. Requests for approval of such waivers or exceptions to established COMSEC security standards which, if adopted, will have the effect of lowering such standards, shall be submitted to the DUSD(P) for approval by the Secretary of Defense.