National Industrial Security Program Operating Manual (NISPOM)

DoD 5220.22-M

NATIONAL INDUSTRIAL SECURITY PROGRAM

OPERATING MANUAL

February 28, 2006

FOREWORD

As required by Executive Order 12829 and under the authority of DoD Directive 5220.22, "National Industrial Security Program (NISP)," September 27, 2004, this Manual reissues DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)," January 1995 (hereby canceled). It provides baseline standards for the protection of classified information released or disclosed to industry in connection with classified contracts under the NISP. This Manual cancels DoD 5220.22-S-1, "COMSEC Supplement to the Industrial Security Manual for Safeguarding Classified Information," August 1983. Users of the NISPOM are encouraged to submit recommended changes through their Cognizant Security Agency to the designated representative of the Secretary of Defense in his capacity as the Executive Agent for the NISP pursuant to Presidential guidance at the following address:

Department of Defense
Under Secretary of Defense for Intelligence
ATTN: OUSD(I)/ODUSD(CI&S), Room 3A666
5000 Defense Pentagon
Washington, D.C. 20301-5000

TABLE OF CONTENTS

Foreword
Table of Contents
References
AL1. Acronyms

CHAPTER 1. GENERAL PROVISIONS AND REQUIREMENTS

Section 1. Introduction
1-100. Purpose
1-101. Authority
1-102. Scope
1-103. Agency Agreements
1-104. Security Cognizance
1-105. Composition of Manual
1-106. Manual Interpretations
1-107. Waivers and Exceptions to this Manual

Section 2. General Requirements
1-200. General
1-201. Facility Security Officer (FSO)
1-202. Standard Practice Procedures
1-203. One-Person Facilities
1-204. Cooperation with Federal Agencies and Officially Credentialed Representatives of Those Agencies
1-205. Security Training and Briefings
1-206. Security Reviews
1-207. Hotlines
1-208. Classified Information Procedures Act (CIPA)

Section 3. Reporting Requirements
1-300. General
1-301. Reports to be Submitted to the FBI
1-302. Reports to be Submitted to the CSA
1-303. Reports of Loss, Compromise, or Suspected Compromise
1-304. Individual Culpability Reports

CHAPTER 2. SECURITY CLEARANCES

Section 1. Facility Clearances
2-100. General
2-101. Reciprocity
2-102. Eligibility Requirements
2-103. Processing the FCL
2-104. PCLs Required in Connection with the FCL
2-105. PCLs Concurrent with the FCL
2-106. Exclusion Procedures
2-107. Interim FCLs
2-108. Multiple Facility Organizations (MFOs)
2-109. Parent-Subsidiary Relationships
2-110. Termination of the FCL
2-111. Records Maintenance

Section 2. Personnel Security Clearances
2-200. General
2-201. Investigative Requirements
2-202. Procedures for Completing the Electronic Version of the SF 86
2-203. Common Adjudicative Standards
2-204. Reciprocity
2-205. Pre-employment Clearance Action
2-206. Contractor-Granted Clearances
2-207. Verification of U.S. Citizenship
2-208. Acceptable Proof of Citizenship
2-209. Non-U.S. Citizens
2-210. Access Limitations of an LAA
2-211. Interim PCLs
2-212. Consultants

Section 3. Foreign Ownership, Control, or Influence (FOCI)
2-300. Policy
2-301. Factors
2-302. Procedures
2-303. FOCI Action Plans
2-304. Citizenship of Persons Requiring PCLs
2-305. Qualifications of Trustees, Proxy Holders, and Outside Directors
2-306. GSC
2-307. TCP
2-308. Annual Review and Certification
2-309. Limited FCL
2-310. Foreign Mergers, Acquisitions and Takeovers and the Committee on Foreign Investment in the United States (CFIUS)

CHAPTER 3. SECURITY TRAINING AND BRIEFINGS

Section 1. Security Training and Briefings
3-100. General
3-101. Training Materials
3-102. FSO Training
3-103. Government-Provided Briefings
3-104. Temporary Help Suppliers
3-105. Classified Information Nondisclosure Agreement (SF 312)
3-106. Initial Security Briefings
3-107. Refresher Training
3-108. Debriefings

CHAPTER 4. CLASSIFICATION AND MARKING

Section 1. Classification
4-100. General
4-101. Original Classification
4-102. Derivative Classification Responsibilities
4-103. Security Classification Guidance
4-104. Challenges to Classification
4-105. Contractor Developed Information
4-106. Classified Information Appearing in Public Media
4-107. Downgrading or Declassifying Classified Information

Section 2. Marking Requirements
4-200. General
4-201. Marking Requirements for Information and Material
4-202. Identification Markings
4-203. Overall Markings
4-204. Page Markings
4-205. Component Markings
4-206. Portion Markings
4-207. Subject and Title Markings
4-208. Markings for Derivatively Classified Documents
4-209. Documents Generated Under Previous E.O.s
4-210. Marking Special Types of Material
4-211. Marking Transmittal Documents
4-212. Marking Wholly Unclassified Material
4-213. Marking Compilations
4-214. Marking Miscellaneous Material
4-215. Marking Training Material
4-216. Downgrading or Declassification Actions
4-217. Upgrading Action
4-218. Inadvertent Release

CHAPTER 5. SAFEGUARDING CLASSIFIED INFORMATION

Section 1. General Safeguarding Requirements
5-100. General
5-101. Safeguarding Oral Discussions
5-102. End of Day Security Checks
5-103. Perimeter Controls
5-104. Emergency Procedures

Section 2. Control and Accountability
5-200. Policy
5-201. Accountability for TOP SECRET
5-202. Receiving Classified Material
5-203. Generation of Classified Material

Section 3. Storage and Storage Equipment
5-300. General
5-301. GSA Storage Equipment
5-302. TOP SECRET Storage
5-303. SECRET Storage
5-304. CONFIDENTIAL Storage
5-305. Restricted Areas
5-306. Closed Areas
5-307. Supplemental Protection
5-308. Protection of Combinations to Security Containers, Cabinets, Vaults and Closed Areas
5-309. Changing Combinations
5-310. Supervision of Keys and Padlocks
5-311. Repair of Approved Containers
5-312. Supplanting Access Control Systems or Devices
5-313. Automated Access Control Systems
5-314. Electronic, Mechanical, or Electro-mechanical Devices

Section 4. Transmission
5-400. General
5-401. Preparation and Receipting
5-402. TOP SECRET Transmission Outside a Facility
5-403. SECRET Transmission Outside a Facility
5-404. CONFIDENTIAL Transmission Outside a Facility
5-405. Transmission Outside the United States and Its Territorial Areas
5-406. Addressing Classified Material
5-407. Transmission Within a Facility
5-408. SECRET Transmission by Commercial Carrier
5-409. CONFIDENTIAL Transmission by Commercial Carrier
5-410. Use of Couriers, Handcarriers, and Escorts
5-411. Use of Commercial Passenger Aircraft for Transmitting Classified Material
5-412. Use of Escorts for Classified Shipments
5-413. Functions of an Escort

Section 5. Disclosure
5-500. General
5-501. Disclosure to Employees
5-502. Disclosure to Subcontractors
5-503. Disclosure between Parent and Subsidiaries
5-504. Disclosure in an MFO
5-505. Disclosure to DoD Activities
5-506. Disclosure to Federal Agencies
5-507. Disclosure of Classified Information to Foreign Persons
5-508. Disclosure of Export Controlled Information to Foreign Persons
5-509. Disclosure to Other Contractors
5-510. Disclosure of Classified Information in Connection with Litigation
5-511. Disclosure to the Public

Section 6. Reproduction
5-600. General
5-601. Limitations
5-602. Marking Reproductions
5-603. Records

Section 7. Disposition and Retention
5-700. General
5-701. Retention of Classified Material
5-702. Termination of Security Agreement
5-703. Disposition of Classified Material Not Received Under a Specific Contract
5-704. Destruction
5-705. Methods of Destruction
5-706. Witness to Destruction
5-707. Destruction Records
5-708. Classified Waste

Section 8. Construction Requirements
5-800. General
5-801. Construction Requirements for Closed Areas
5-802. Construction Requirements for Vaults

Section 9. Intrusion Detection Systems
5-900. General
5-901. CSA Approval
5-902. Central Monitoring Station
5-903. Investigative Response to Alarms
5-904. Installation
5-905. Certification of Compliance
5-906. Exceptional Cases

CHAPTER 6. VISITS and MEETINGS

Section 1. Visits
6-100. General
6-101. Classified Visits
6-102. Need-to-Know Determination
6-103. Visits by Government Representatives
6-104. Visit Authorization
6-105. Long-Term Visitors

Section 2. Meetings
6-200. General
6-201. Government Sponsorship of Meetings
6-202. Disclosure Authority at Meetings
6-203. Requests to Attend Classified Meetings

CHAPTER 7. SUBCONTRACTING

Section 1. Prime Contractor Responsibilities
7-100. General
7-101. Responsibilities
7-102. Security Classification Guidance
7-103. Responsibilities (Completion of the Subcontract)
7-104. Notification of Unsatisfactory Conditions

CHAPTER 8. INFORMATION SYSTEM SECURITY

Section 1. Responsibilities and Duties
8-100. General
8-101. Responsibilities
8-102. Designated Accrediting/Approving Authority
8-103. IS Security Manager (ISSM)
8-104. Information System Security Officer(s) (ISSO)
8-105. Users of IS

Section 2. Certification and Accreditation
8-200. Overview
8-201. Certification Process
8-202. Accreditation

Section 3. Common Requirements
8-300. Introduction
8-301. Clearing and Sanitization
8-302. Examination of Hardware and Software
8-303. Identification and Authentication Management
8-304. Maintenance
8-305. Malicious Code
8-306. Marking Hardware, Output, and Media
8-307. Personnel Security
8-308. Physical Security
8-309. Protection of Media
8-310. Review of Output and Media
8-311. Configuration Management

Section 4. Protection Measures
8-400. Protection Profiles
8-401. Level of Concern
8-402. Protection Level
8-403. Protection Profiles

Section 5. Special Categories
8-500. Special Categories
8-501. Single-user, Stand-alone Systems
