Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 32 - National Defense |
Subtitle A - Department of Defense |
Chapter I - Office of the Secretary of Defense |
SubChapter E - Regulations Pertaining to Military Justice |
Part 159a - INFORMATION SECURITY PROGRAM REGULATION |
Subpart N - Program Management |
§ 159a.93 - DoD components.
-
(a)
General. The head of each DoD Component shall establish and maintain an Information Security Program designed to ensure compliance with the provisions of this part throughout the Component.(b)
Military Departments. In accordance with 32 CFR part 159 the Secretary of each Military Department shall designate a Senior Information Security Authority who shall be responsible for complying with and implementing this part within the Department.(c)
Other Components. In accordance with 32 CFR part 159, the head of each other DoD Component shall designate a Senior Information Security Authority who shall be responsible for complying with and implementing this Regulation within their respective Component.(d)
Program Monitorship. The Senior Information Security Authorities designated under paragraphs (b) and (c) of this section, are responsible within their respective jurisdictions for monitoring, inspecting with or without prior announcement, and reporting on the status of administration of the DoD Information Security Program at all levels of activity under their cognizance.(e)
Field Program Management. (1) Throughout the Department of Defense, the head of each activity shall appoint, in writing, an official to serve as security manager for the activity. This official shall be responsible for the administration of an effective Information Security Program in that activity with particular emphasis on security education and training, assignment of proper classifications, downgrading and declassification, safeguarding, and monitorship, to include sampling classified documents for the purpose of assuring compliance with this part.(2) Activity heads shall ensure that officials appointed as security managers either possess, or obtain within a reasonable time after appointment, knowledge of and training in the Information Security Program commensurate with the needs of their positions. The Director of Security Plans and Programs, ODUSD(P) shall, with the assistance of the Director, Defense Security Institute, develop minimum standards for training of activity security managers. Such training should result in appropriate certifications to be recorded in the personnel files of the individuals involved.
(3) Activity heads shall ensure that officials appointed as security managers are authorized direct and ready access to the appointing official on matters concerning the Information Security Program. They also shall provide sufficient resources of time, staff, and funds to permit accomplishment of the security manager's responsibilities, to include meaningful oversight of the Information Security Program at all levels of the activity.