§ 2004.10 - Responsibilities of the Director, Information Security Oversight Office (ISOO).  

  • § 2004.10 Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)].[1]

    The Director, ISOO:

    (a) Implements E.O. 12829, including ensuring that:

    (1) The NISP operates as a single, integrated program across the executive branch of the Federal Government (i.e., such that agencies that release classified information to entities adhere to NISP principles);

    (2) A responsible CSA oversees each entity's NISP implementation in accordance with § 2004.22;

    (3) All agencies that contract for classified work include the Security Requirements clause, 48 CFR 52.204-2, from the Federal Acquisition Regulation (FAR), or an equivalent clause, in contracts that require access to classified information;

    (4) Those agencies for which the Department of Defense (DoD) serves as the CSA or provides industrial security services have agreements with DoD defining the Secretary of Defense's responsibilities on behalf of their agency;

    (5) Each CSA issues directions to entities under their cognizance that are consistent with the NISPOM insider threat guidance;

    (6) CSAs share with each other, as lawful and appropriate, relevant information about entity employees that indicates an insider threat; and

    (7) CSAs conduct ongoing analysis and adjudication of adverse or relevant information about entity employees that indicates an insider threat.

    (b) Raises an issue to the National Security Council (NSC) for resolution if the EA's NISPOM coordination process cannot reach a consensus on NISPOM security standards (see § 2004.20(d)).

    Footnotes - 2004.10
    [1] Bracketed references pertain to related sections of Executive Order 12829, as amended by E.O. 12885