Professional Documents
Culture Documents
Industrial Security
Industrial Security
Industrial Security
CHAPTER 1
Section 1. Introduction
Regulations.
1-101. Authority
a. The NISP was established by Executive Order
on agencies.
decree.
1-102. Scope
government-to-government agreements.
Commission (FCC).
applicable CSO.
channels.
home office.
classified information.
resolution.
Defense Hotline
The Pentagon
Washington, DC 20301-1900
(800) 424-9098
NRC Hotline
(800) 233-3497
CIA Hotline
(703) 874-2600
DOE Hotline
Department of Energy
(202) 586-4073
(800) 541-1625
proceedings.
1-2-2 DoD 5220.22-M, February 28, 2006
(reference (l)).
CSA.
number.
Clearance
locations.
approved to safeguard.
classification level.
subsequently determined.
any; and
of security requirements.
carelessness.
CHAPTER 2
Security Clearances
Government.
needed.
contracts.
appropriate.
the CSA.
2-200. General
by the CSA.
positions.
citizenship.
show that the birth record was filed shortly after birth
acceptable evidence:
proof of citizenship.
U.S. citizenship.
b. RD or FRD.
individual is a citizen.
d. COMSEC information.
e. Intelligence information.
government.
completion of full investigative requirements. NonU.S. citizens are not eligible for access to classified
appealed.
classified information.
appropriate.
terminated.
affected.
"DoD Component."
may pertain.
a foreign government.
corporate family.
performance; and
by the CSA.
influence.
unauthorized access to all classified and exportcontrolled information entrusted to or held by the
such as:
or ownership interests;
reorganizations;
information
be:
owner; and
FCL.
has occurred.
appropriate.
arrangement; and
changes;
agreement.
citizenship.
that GCA.
and considerations.
national security.
notified.
CHAPTER 3
information.
briefings.
date.
the following:
system.
requirements.
employee's job.
CHAPTER 4
Section 1. Classification
request.
responsible:
unnecessarily or improperly.
guidance.
contractor.
contract.
resolution.
4-105. Contractor Developed Information.
be used:
SECRET, or CONFIDENTIAL).
in the information.
public disclosure.
necessary safeguarding.
furnished to recipients.
shall be used.
the document.
accompanying documentation.
information are:
DERIVED FROM
DOWNGRADE TO ON
DECLASSIFY ON
the contract.
document.
material.
purpose.
declassification instructions.
document.
declassified.
marked.
material.
may be used.
shipment.
by the contractor.
instruction.
been lost.
CSA.
CHAPTER 5
secured.
exits.
personal nature.
classified material.
transaction documents.
facility.
b. Classified working papers generated by the
shall be: (1) dated when created, (2) marked with its
the GSA.
1, 2012:
contract performance.
d. The CSA may grant self-approval authority to
the CSA.
with security-in-depth.
clearance granted to any such person has been withdrawn, suspended, or revoked.
5-314, below, may be used to supplant contractorauthorized personnel or guards to control admittance
to
information:
recognition.
compromise.
is suspended or revoked.
protected.
mandatory.
unattended.
Devices may be used that operate by either a pushbutton combination that activates the locking device
or
by a control card used in conjunction with a pushbutton combination, thereby excluding any system
that
manipulation of components.
Section 4. Transmission
receipt is returned.
in transit.
the GCA.
GCA.
Mail.
GCA.
SENDER."
disclosure.
or delayed shipments.
U.S. Government.
the consignor.
capability, if needed.
charged.
security personnel.
to be followed.
material;
the following:
delivered;
b. Receipting procedures;
used;
operations; and
agencies, as necessary.
are required.
Section 5. Disclosure
persons.
information.
and FRD, the NSA for COMSEC, the DNI for SCI,
208.)
disclosure.
by the GCA:
Section 6. Reproduction
encouraged.
5-601. Limitations
follows:
prospective subcontractor.
documents.
years.
5-700. General
(specify contract).
day it is removed.
construction.
opening.
b. Walls. Walls must be not less than 8-inchthick hollow clay tile (vertical cell double shells) or
concrete blocks (thick shells). Monolithic steelreinforced concrete walls at least 4 inches thick may
d. Vault Door and Frame Unit. A GSAapproved vault door and frame unit shall be used.
surreptitious removal.
Description Form.
site.
for 30 days.
accomplished.
5-903. Investigative Response to Alarms. The
guard service.
following circumstances:
station.
minutes.
of certification practices.
enforcement organization.
Systems
Alarm Systems
response.
5-9-3 DoD 5220.22-M, February 28, 2006
CHAPTER 6
Section 1. Visits
Federal facility.
visitor’s employer.
clearance;
to be valid.
contractor.
installations.
Section 2. Meetings
meeting.
proposed.
meeting.
identification card.
by this Manual.
a meeting shall:
information involved.
disclosure approvals.
CHAPTER 7
Subcontracting
subcontractor.
are required:
subcontract.
solicitation.
capability.
subcontractors.
access requirements.
provided:
prospective subcontractor;
subcontract.
separate correspondence.
requirements change.
the GCA.
disposition instructions.
subcontract.
CHAPTER 8
8-100. General
NISPOM Supplement
8-101. Responsibilities
and maintained.
threats/vulnerabilities to IS.
procedures to:
information.
security-relevant features.
the IS.
(hackers), as appropriate.
accreditation.
access a system.
provisions.
g. Ensure:
appropriate.
least annually.
or general users.
include:
equipment.
tools).
human review.
Program requirements.
classified information.
information.
comprehensive evaluation of the technical and nontechnical security features of an IS and other
interim approval.
b. Reaccreditation. IS shall be reaccredited
procedures prior to implementation. All securityrelevant changes shall be subject to the provisions of
invalid immediately whenever detrimental, securitysignificant changes occur to any of the following: the
respective facility.
classification level.
into use.
a. IS Software. Commercially procured software
specified.
additional examination.
users have the appropriate clearances and need-toknow for the information on a particular system and
approved security area, and all uncleared/lowercleared personnel are escorted within the area.
controls, or both.
system.
shall apply:
(1) Passwords shall be protected at a level
compromised.
Personnel
system.
on the system.
potential for retaining information, terminals, standalone microprocessors, or word processors used as
performance.
shall be so marked.
clearance level, formal access approvals, and need-toknow held by users of the IS, and the classification
CSA-approved area.
security markings.
of output.
approved system.
location.
media.
or availability.
follows:
used.
system in question.
accomplish a mission.
8-402. Protection Level. The protection level of an
level of concern.
level of concern.
Medium
SECRET
Basic CONFIDENTIAL
High
Absolute accuracy required for mission accomplishment; or loss of life might result from loss
of integrity; or loss of integrity will have an adverse effect on national-level interests; or loss
Medium
High degree of accuracy required for mission accomplishment, but not absolute; or bodily
injury might result from loss of integrity; or loss of integrity will have an adverse effect on
organizational-level interests.
High
Information must always be available upon request, with no tolerance for delay; or loss of life
might result from loss of availability; or loss of availability will have an adverse effect on
Medium
Information must be readily available with minimum tolerance for delay; or bodily injury
might result from loss of availability; or loss of availability will have an adverse effect on
organizational-level interests.
NOTE: In this context, “High - no tolerance for delay” means no delay; “Medium - minimum tolerance
for delay”
means a delay of seconds to hours; and “Basic - flexible tolerance for delay” means a delay of days to
weeks. In the
context of the NISPOM, integrity and availability shall only apply when the have a direct impact on
protection
measures for confidentiality, i.e., integrity of the password file, integrity of audit logs or when
contractually
imposed.
Highest Data
ALL
Not contributing
to the decision
ALL
Highest Data
Requirements (Paragraph) P L 1 PL 2 PL 3
Audit 4
inappropriate and inordinately expensive for singleuser, stand-alone systems. The CSA can approve
characteristics:
system.
messaging services).
operational environment.
section.
security disciplines.
additional security requirements specified for moregeneral-purpose systems in this section. The CSA
level.
measure.
a. Audit 1 Requirements
and logoffs.
deletion.
the action.
1:
2:
3:
is working.
a. Backup 1 Requirements
shall be documented.
Backup 1:
Backup 2:
a. Integrity 1 Requirements
Integrity 1:
a. Trans 1 Requirements
a. Access 1 Requirements
personnel.
Access 1:
2:
another user.
the SSP:
distribution.
of authenticators.
case of compromise.
authenticators.
mechanism.
user’s session.
a. SessCtrl 1 Requirements
system.
SessCtrl 1:
a. Doc 1 Requirements
following:
of IS users.
level of concern.
to the SSP.
flow diagram.
Documentation.
assessment.
recovery is done in a controlled manner. If any offnormal conditions arise during recovery, the IS shall
Structure).
a. SysAssur 1 Requirements
authorized personnel.
SysAssur1:
documented.
SysAssur2:
tests.
operational.
and operational.
and availability.
procedures.
level.
users.
systems; or
following:
security-related information.
the following:
code.
integrity or availability.
CHAPTER 9
Special Requirements
(NSI)).
c. CONFIDENTIAL RD – A favorable
NACLC.
NACLC.
9-105. Classification.
9-106. Declassification.
documents.
RESTRICTED DATA
DoD.
or TS(RD)(CNWDI).
correspondence.
shall verify from the CSA that the facility has been
CNWDI.
However, certain Weapon Data has been recategorized as CNWDI and is protected as described in
this section.
policy processes.
IC.
process SCI.
of intelligence information.
information.
security countermeasures.
Intelligence Information
a. “DISSEMINATION AND EXTRACTION
OF INFORMATION CONROLLED BY
c. “CAUTION-PROPRIETARY
indicated.
COMSEC material.
seed key.
custodians.
briefed.
account and notify the CSA that the account has been
established.
Requirements
of COMSEC information.
COMSEC briefings.
Requirements
employee:
applicable law.
the SD 572 not later than 90 days from the date access is
no longer required.
COMSEC briefings.
instructions.
CHAPTER 10
NRC.
a. Government-to-Government International
(reference (w).
authorization.
protected as follows:
releasing government.
government; and
classification markings.
contract.
or subcontractor unless:
Government.
be destroyed.
Material.
information.
sources.
as applicable.
information.
storage container.
an export authorization.
years.
10-312. Subcontracting
subcontract.
government authorities.
Material
arrangements.
CSA.
an FCL.
such size and weight that the courier can retain it in his
of the journey.
dispatching office.
courier.
government officials.
custody.
402d, and travel direct routes between the U.S. and the
destination.
transfers:
request.
material is ready.
particular transfer.
schedule.
ITAR Exemption
facilities.
authorization.
international visits:
a. One-time Visits. A visit for a single, shortterm occasion (normally less than 30 days) for a
specified purpose.
follows:
CSA. The host for the visit should coordinate the visit
contractor.
Nationals
sale).
information.
such employee.
classified information.
Contractor.
infrastructure project.
equivalent level.
database.
briefed.
CSA.
be assigned as follows:
(1) The first element shall be the abbreviation
MM/NS-0013/93.
information:
safeguarded accordingly."
Kingdom."
CUSR.
contracting agency.
except as follows:
documents.
as the original.
ATOMAL documents.
the CSA.
CUSR.
the GCA for U.S. contracts, and through the CSA for
nation.
CHAPTER 11
Miscellaneous Information
Section 1. TEMPEST
electronic means.
programs.
contract or subcontract.
sources.
classification.
contract;
contract;
DTIC; or
IR&D efforts.
11-3-2