 |
Code of Federal Regulations (Last Updated: April 5, 2024) |
 |
Title 32 - National Defense |
|
Subtitle B - Other Regulations Relating to National Defense |
|
Chapter XX - Information Security Oversight Office, National Archives and Records Administration |
|
Part 2004 - National Industrial Security Program Directive No. 1 |
|
Subpart C - Operations |
§ 2004.30 - Security classification requirements and guidance.
-
§ 2004.30 Security classification requirements and guidance.
(a) Contract or agreement and solicition requirements.
(1) The GCA must incorporate FAR clause 52.204-2, Security Requirements (or equivalent set of security requirements), into contracts or agreements and solicitations requiring access to classified information.
(2) The GCA must also include a contract security classification specification (or equivalent guidance) with each contract or agreement and solicitation that requires access to classified information. The contract security classification specification (or equivalent guidance) must identify the specific elements of classified information involved in each phase of the contract or agreement life-cycle, such as:
(i) Level of classification;
(ii) Where the entity will access or store the classified information, and any requirements or limitations on transmitting classified information outside the entity;
(iii) Any special accesses;
(iv) Any classification guides or other guidance the entity needs to perform during that phase of the contract or agreement;
(v) Any authorization to disclose information about the contract or agreement requiring access to classified information; and
(vi) GCA personnel responsible for interpreting and applying the contract security specifications (or equivalent guidance).
(3) The GCA revises the contract security classification specification (or equivalent guidance) throughout the contract or agreement life-cycle as security requirements change.
(b) Guidance. Classification guidance is the exclusive responsibility of the GCA. The GCA prepares classification guidance in accordance with 32 CFR 2001.15, and provides appropriate security classification and declassification guidance to entities.
(c) Requests for clarification and classification challenges.
(1) The GCA responds to entity requests for clarification and classification challenges.
(2) The responsible CSA assists entities to obtain appropriate classification guidance from the GCA, and to obtain a classification challenge response from the GCA.
(d) Instructions upon contract or agreement completion or termination.
(1) The GCA provides instructions to the entity for returning or disposing of classified information upon contract or agreement completion or termination, or when an entity no longer has a legitimate need to retain or possess classified information.
(2) The GCA also determines whether the entity may retain classified information for particular purposes after the contract or agreement terminates, and if so, provides written authorization to the entity along with any instructions or limitations (such as which information, for how long, etc).