Code of Federal Regulations (Last Updated: April 5, 2024)
Title 32 - National Defense
Subtitle B - Other Regulations Relating to National Defense
Chapter XX - Information Security Oversight Office, National Archives and Records Administration
Part 2004 - National Industrial Security Program Directive No. 1
Subpart A - Implementation and Oversight
§ 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO).
§ 2004.10 Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)].[1]
The Director, ISOO:
(a) Implements E.O. 12829, including ensuring that:
(1) The NISP operates as a single, integrated program across the executive branch of the Federal Government (i.e., such that agencies that release classified information to entities adhere to NISP principles);
(2) A responsible CSA oversees each entity's NISP implementation in accordance with § 2004.22;
(3) All agencies that contract for classified work include the Security Requirements clause, 48 CFR 52.204-2, from the Federal Acquisition Regulation (FAR), or an equivalent clause, in contracts that require access to classified information;
(4) Those agencies for which the Department of Defense (DoD) serves as the CSA or provides industrial security services have agreements with DoD defining the Secretary of Defense's responsibilities on behalf of their agency;
(5) Each CSA issues directions to entities under their cognizance that are consistent with the NISPOM insider threat guidance;
(6) CSAs share with each other, as lawful and appropriate, relevant information about entity employees that indicates an insider threat; and
(7) CSAs conduct ongoing analysis and adjudication of adverse or relevant information about entity employees that indicates an insider threat.
(b) Raises an issue to the National Security Council (NSC) for resolution if the EA's NISPOM coordination process cannot reach a consensus on NISPOM security standards (see § 2004.20(d)).

Footnotes - 2004.10
[1] Bracketed references pertain to related sections of Executive Order 12829, as amended by E.O. 12885