Information Security Oversight Office; National Industrial Security Program Directive No. 1, 4541-4543 [E6-815]
Download as PDF
<![CDATA[
Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules
application filed pursuant to paragraph
(a) of this section.
(c) All potentially affected qualifying
facilities shall include:
(1) Those qualifying facilities that
have existing power purchase contracts
with the applicant;
(2) Other qualifying facilities that sell
their output to the applicant or that
have pending self-certification or
Commission certification with the
Commission for qualifying facility status
whereby the applicant will be the
purchaser of the qualifying facility’s
output;
(3) Any developer of generating
facilities with whom the applicant has
agreed to enter into power purchase
contracts or are in discussion with
regard to power purchase contacts;
(4) The developers of facilities that
have pending state avoided cost
proceedings; and
(5) Any other qualifying facilities that
the applicant reasonably believes to be
affected by its application filed pursuant
to paragraph (a) of this section.
§ 292.311 Reinstatement of obligation to
purchase.
rmajette on PROD1PC67 with PROPOSALS
At any time after the Commission
makes a finding under § 292.310
relieving an electric utility of its
obligation to purchase electric energy, a
qualifying cogeneration facility, a
qualifying small power production
facility, a State agency, or any other
affected person may apply to the
Commission for an order reinstating the
electric utility’s obligation to purchase
electric energy under this section, if
there has been a change in the
conditions upon which the Commission
based its finding. Such application shall
set forth the factual basis upon which
the application is based and describe
why the conditions set forth in
§ 292.309 (a)(1), (2) or (3) are no longer
met. After notice, including sufficient
notice to potentially affected utilities,
and opportunity for comment, the
Commission shall issue an order within
90 days of such application reinstating
the electric utility’s obligation to
purchase electric energy under this
section if the Commission finds that the
conditions set forth in § 292.309 (a)(1),
(2), or (3) which relieved the obligation
to purchase, are no longer met.
§ 292.312 Procedures for utilities
requesting termination of obligation to sell
to qualifying facilities.
(a) An electric utility shall not be
required to enter into a new contract or
obligation to sell electric energy to a
qualifying small power production
facility, an existing qualifying
cogeneration qualifying facility, or a
VerDate Aug<31>2005
15:15 Jan 26, 2006
Jkt 208001
new qualifying cogeneration facility if
the Commission has found that:
(1) Competing retail electric suppliers
are willing and able to sell and deliver
electric energy to the qualifying
cogeneration facility or qualifying small
power production facility; and
(2) The electric utility is not required
by State law to sell electric energy in its
service territory.
(b) Any electric utility may file an
application with this Commission for
relief from the mandatory obligation to
sell under this paragraph on a service
territory-wide basis or a single
qualifying facility basis. Such
application shall set forth the factual
basis upon which relief is requested and
describe why the conditions set forth in
paragraphs (a)(1) and (a)(2) of this
section have been met. After notice,
including sufficient notice to potentially
affected qualifying facilities, and an
opportunity for comment, the
Commission shall make a final
determination within 90 days of such
application regarding whether the
conditions set forth in paragraphs (a)(1)
and (a)(2) of this section have been met.
§ 292.313
sell.
Reinstatement of obligation to
At any time after the Commission
makes a finding under § 292.312
relieving an electric utility of its
obligation to sell electric energy, a
qualifying cogeneration facility, a
qualifying small power production
facility, a State agency, or any other
affected person may apply to the
Commission for an order reinstating the
electric utility’s obligation to sell
electric energy under this section, if
there has been a change in the
conditions upon which the Commission
based its finding. Such application shall
set forth the factual basis upon which
the application is based and describe
why the conditions set forth in
§ 292.312 (a)(1) and (a)(2) are no longer
met. After notice, including sufficient
notice to potentially affected utilities,
and opportunity for comment, the
Commission shall issue an order within
90 days of such application reinstating
the electric utility’s obligation to sell
electric energy under this section if the
Commission finds that the conditions
set forth in § 292.312 (a)(1) and (a)(2) are
no longer met.
§ 292.314
Existing rights and remedies.
Nothing in this §§ 292.303 through
292.314 affects the rights or remedies of
any party under any contract or
obligation, in effect or pending approval
before the appropriate State regulatory
authority or non-regulated electric
utility on or before August 8, 2005, to
PO 00000
Frm 00012
Fmt 4702
Sfmt 4702
4541
purchase electric energy or capacity
from or to sell electric energy or
capacity to a qualifying cogeneration
facility or qualifying small power
production facility (including the right
to recover costs of purchasing electric
energy or capacity).
[FR Doc. E6–940 Filed 1–26–06; 8:45 am]
BILLING CODE 6717–01–P
NATIONAL ARCHIVES AND RECORDS
ADMINISTRATION
Information Security Oversight Office
32 CFR Part 2004
RIN 3095–AB34
Information Security Oversight Office;
National Industrial Security Program
Directive No. 1
Information Security Oversight
Office (ISOO), National Archives and
Records Administration (NARA).
ACTION: Implementing directive;
proposed rule.
AGENCY:
SUMMARY: The Information Security
Oversight Office (ISOO), National
Archives and Records Administration
(NARA), is publishing this Directive as
a proposed rule and pursuant to section
102(b)(1) of Executive Order 12829, as
amended, relating to the National
Industrial Security Program. This order
establishes a National Industrial
Security Program (NISP) to safeguard
Federal Government classified
information that is released to
contractors, licensees, and grantees of
the United States Government.
Redundant, overlapping, or unnecessary
requirements impede those interests.
Therefore, the NISP serves as the single,
integrated, cohesive industrial security
program to protect classified
information and to preserve our
Nation’s economic and technological
interests. This Directive sets forth
guidance to agencies to set uniform
standards throughout the NISP that
promote these objectives.
DATES: Comments must be received on
or before March 13, 2006.
ADDRESSES: You may submit comments,
identified by ‘‘RIN 3095–AB34,’’ by any
of the following methods:
Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
E-mail: comments@nara.gov. Include
‘‘RIN 3095–AB34’’ in the subject line of
the message.
Fax: (301) 837–0319.
Mail: Regulation Comments Desk
(NPOL), Room 4100, National Archives
E:\FR\FM\27JAP1.SGM
27JAP1
rmajette on PROD1PC67 with PROPOSALS
4542
Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules
and Records Administration, 8601
Adelphi Road, College Park, MD 20740–
6001.
Hand Delivery/Courier: Regulation
Comments Desk (NPOL), Room 4100,
National Archives and Records
Administration, 8601 Adelphi Road,
College Park, MD 20740–6001.
FOR FURTHER INFORMATION CONTACT: J.
William Leonard, Director, ISOO, at
202–219–5250.
SUPPLEMENTARY INFORMATION: This
proposed rule is being issued pursuant
to the provisions of section 102(b)(1) of
Executive Order 12829, January 6, 2003
(58 FR 3479), as amended by Executive
Order 12885, December 14, 1993, (58 FR
65863). The purpose of this Directive is
to assist in implementing the Order;
users of the Directive shall refer
concurrently to that Order for guidance.
As of November 17, 1995, ISOO became
a part of NARA. The drafting,
coordination, and issuance of this
Directive fulfills one of the
responsibilities of the implementation
delegated to the ISOO Director. ISOO
maintains oversight over Executive
Order 12958, as amended, and policy
oversight over Executive Order 12829,
as amended. Nothing in this directive
shall be construed to supersede the
authority of the Secretary of Energy or
the Nuclear Regulatory Commission
under the Atomic Energy Act of 1954,
as amended (42 U.S.C. 2011 et seq.), or
the authority of the Director of Central
Intelligence under the National Security
Act of 1947, as amended, or Executive
Order No. 12333 of December 8, 1981,
or the authority of the Director of
National Intelligence under the
Intelligence Reform and Terrorism
Prevention Act of 2004. Requirements of
the latter Act will necessitate additional
future changes to Executive Order 12829
and this implementing Directive. The
interpretive guidance contained in this
proposed rule will assist agencies in
implementing Executive Order 12829,
as amended.
The proposed rule is [not] a
significant regulatory action for the
purposes of Executive Order 12866. The
proposed rule is [not] a major rule as
defined in 5 U.S.C. Chapter 8,
Congressional Review of Agency
Rulemaking. As required by the
Regulatory Flexibility Act, we certify
that this proposed rule will [not] have
a significant impact on a substantial
number of small entities because it
applies only to Federal agencies.
List of Subjects in 32 CFR Part 2004
Classified information.
1. For the reasons set forth in the
preamble, NARA proposes to amend
VerDate Aug<31>2005
15:15 Jan 26, 2006
Jkt 208001
Title 32 of the Code of Federal
Regulations to add part 2004 as follows:
§ 2004.11 Agency implementing
regulations, internal rules, or guidelines
[102(b)(3)].
PART 2004—NATIONAL INDUSTRIAL
SECURITY PROGRAM DIRECTIVE
NO. 1
(a) Reviews and Updates. All
implementing regulations, internal
rules, or guidelines that pertain to the
NISP shall be reviewed and updated by
the originating agency, as circumstances
require. If a change in national policy
necessitates a change in agency
implementing regulations, internal
rules, or guidelines that pertain to the
NISP, the agency shall promptly issue
revisions.
(b) Reviews by ISOO. The Director,
ISOO, shall review agency
implementing regulations, internal
rules, or guidelines, as necessary, to
ensure consistency with NISP policies
and procedures. Such reviews should
normally occur during routine oversight
visits, when there is indication of a
problem that comes to the attention of
the Director, ISOO, or after a change in
national policy that impacts such
regulations, rules, or guidelines. The
Director, ISOO, shall provide findings
from such reviews to the responsible
department or agency.
Subpart A—Implementation and Oversight
Sec.
2004.10 Responsibilities of the Director,
Information Security Oversight Office
(ISOO) [102(b)].
2004.11 Agency implementing regulations,
internal rules, or guidelines [102(b)(3)].
2004.12 Reviews by ISOO [102(b)(4)].
Subpart B—Operations
2004.20 National Industrial Security
Program Operating Manual (NISPOM)
[201(a)].
2004.21 Protection of classified information
[201(e)].
2004.22 Operational responsibilities
[202(a)].
2004.23 Cost reports [203 (d)].
2004.24 Definitions.
Authority: Section 102(b)(1) of Executive
Order 12829, January 6, 2003, 58 FR 3479, as
amended by Executive Order 12885,
December 14, 1993, 58 FR 65863.
Subpart A—Implementation and
Oversight
§ 2004.10 Responsibilities of the Director,
Information Security Oversight Office
(ISOO) [102(b)].1
The Director ISOO shall:
(a) Implement EO 12829, as amended.
(b) Ensure that the NISP is operated
as a single, integrated program across
the Executive Branch of the Federal
Government; i.e., that the Executive
Branch departments and agencies
adhere to NISP principles.
(c) Ensure that each contractor’s
implementation of the NISP is overseen
by a single Cognizant Security Authority
(CSA), based on a preponderance of
classified contracts per agreement by the
CSAs.
(d) Ensure that all Executive Branch
departments and agencies that contract
for classified work have included the
Security Requirements clause, 52.204–2,
from the Federal Acquisition Regulation
(FAR), or an equivalent clause, in such
contract.
(e) Ensure that those Executive
Branch departments and agencies for
which the Department of Defense (DoD)
serves as the CSA have entered into
agreements with the DoD that establish
the terms of the Secretary’s
responsibilities on behalf of those
agency heads.
1 Bracketed
references pertain to related sections
of Executive Order 12829, as amended by E.O.
12885.
PO 00000
Frm 00013
Fmt 4702
Sfmt 4702
§ 2004.12
Reviews by ISOO [102(b)(4)].
The Director, ISOO, shall fulfill his
monitoring role based, in part, on
information received from NISP Policy
Advisory Committee (NISPPAC)
members, from on-site reviews that
ISOO conducts under the authority of
EO 12829, as amended, and from
complaints and suggestions from
persons within or outside the
Government. Findings shall be reported
to the responsible department or agency.
Subpart B—Operations
§ 2004.20 National Industrial Security
Program Operating Manual (NISPOM)
[201(a)].
(a) The NISPOM applies to release of
classified information during all phases
of the contracting process.
(b) As a general rule, procedures for
safeguarding classified information by
contractors and recommendations for
changes shall be addressed through the
NISPOM coordination process that shall
be facilitated by the Executive Agent.
The Executive Agent shall address
NISPOM issues that surface from
industry, Executive Branch departments
and agencies, or the NISPPAC. When
consensus cannot be achieved through
the NISPOM coordination process, the
issue shall be raised to the NSC for
resolution.
§ 2004.21 Protection of classified
information [201(e)].
Procedures for the safeguarding of
classified information by contractors are
E:\FR\FM\27JAP1.SGM
27JAP1
Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules
promulgated in the NISPOM. DoD, as
the Executive Agent, shall use standards
applicable to agencies as the basis for
the requirements, restrictions, and
safeguards contained in the NISPOM;
however, the NISPOM requirements
may be designed to accommodate as
necessary the unique circumstances of
industry. Any issue pertaining to
deviation of industry requirements in
the NISPOM from the standards
applicable to agencies shall be
addressed through the NISPOM
coordination process.
rmajette on PROD1PC67 with PROPOSALS
§ 2004.22
[202(a)].
Operational responsibilities
15:15 Jan 26, 2006
Jkt 208001
Cost reports [203 (d)].
(a) The Executive Branch departments
and agencies shall provide information
each year to the Director, ISOO, on the
costs within the agency associated with
implementation of the NISP for the
previous year.
(b) The DoD as the Executive Agent
shall develop a cost methodology in
coordination with industry to collect the
costs incurred by contractors of all
Executive Branch departments and
agencies to implement the NISP, and
shall report those costs to the Director,
ISOO, on an annual basis.
§ 2004.24
(a) Designation of Cognizant Security
Authority (CSA). The CSA for a
contractor shall be determined by the
preponderance of classified contract
activity per agreement by the CSAs. The
responsible CSA shall conduct oversight
inspections of contractor security
programs and provide other support
services to contractors as necessary to
ensure compliance with the NISPOM
and that contractors are protecting
classified information as required. DoD,
as Executive Agent, shall serve as the
CSA for all Executive Branch
departments and agencies that are not a
designated CSA. As such, DoD shall:
(1) Provide training to industry to
ensure that industry understands the
responsibilities associated with
protecting classified information.
(2) Validate the need for contractor
access to classified information, shall
establish a system to request personnel
security investigations for contractor
personnel, and shall ensure adequate
funding for investigations of those
contractors under Department of
Defense cognizance.
(3) Maintain a system of eligibility
and access determinations of contractor
personnel.
(b) General Responsibilities. Executive
Branch departments and agencies that
issue contracts requiring industry to
have access to classified information
and are not a designated CSA shall:
(1) Include the Security Requirements
clause, 52.204–2, from the FAR in such
contracts;
(2) Incorporate a Contract Security
Classification Specification (DD 254)
into the contracts in accordance with
the FAR subpart 4.4;
(3) Sign agreements with the
Department of Defense as the Executive
Agent for industrial security services;
and
(4) Ensure applicable department and
agency personnel having NISP
implementation responsibilities are
provided appropriate education and
training.
VerDate Aug<31>2005
§ 2004.23
Definitions.
For the purposes of this part the
following definitions apply:
(a) Cognizant Security Agencies
(CSAs) means the Executive Branch
departments and agencies authorized in
EO 12829, as amended, to establish
industrial security programs: the
Department of Defense, designated as
the Executive Agent; the Department of
Energy; the Nuclear Regulatory
Commission; and the Central
Intelligence Agency.
(b) Contractor means any industrial,
education, commercial, or other entity,
to include licensees or grantees that has
been granted access to classified
information. Contractor does not
include individuals engaged under
personal services contracts.
Dated: December 5, 2005.
J. William Leonard,
Director, Information Security Oversight
Office.
Approved: January 14, 2006.
Allen Weinstein,
Archivist of the United States.
[FR Doc. E6–815 Filed 1–26–06; 8:45 am]
BILLING CODE 7515–01–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 52
[NM–4–1–5208b; FRL–8025–4]
Approval and Promulgation of
Implementation Plans; New Mexico,
Visibility
Environmental Protection
Agency (EPA).
ACTION: Proposed rule.
AGENCY:
SUMMARY: EPA is proposing to approve
a revision to the New Mexico State
Implementation Plan (SIP). This
revision satisfies the New Source
Review (NSR) and monitoring plan
requirements for visibility, otherwise
known as the ‘‘Phase I, Part I Visibility
PO 00000
Frm 00014
Fmt 4702
Sfmt 4702
4543
SIP.;’’ In addition, this revision includes
the implementation control strategies,
integral vistas protection, and long term
strategies, otherwise known as the
‘‘Phase I, Part II Visibility SIP.’’ Lastly,
EPA is proposing to remove the SIP
disapprovals associated with Phase I,
Parts I and II, and the resultant Federal
Implementation Plans (FIPs).
DATES: Written comments must be
received on or before February 27, 2006.
ADDRESSES: Comments may be mailed to
Mr. Thomas Diggs, Chief, Air Planning
Section (6PD–L), Environmental
Protection Agency, 1445 Ross Avenue,
Suite 1200, Dallas, Texas 75202–2733.
Comments may also be submitted
electronically or through hand delivery/
courier by following the detailed
instructions in the ADDRESSES section of
the direct final rule located in the rules
section of this Federal Register.
FOR FURTHER INFORMATION CONTACT: Joe
Kordzi, Air Planning Section (6PD–L),
Environmental Protection Agency,
Region 6, 1445 Ross Avenue, Suite 700,
Dallas, Texas 75202–2733, telephone
(214) 665–7186; fax number 214–665–
7263; e-mail address
kordzi.joe@epa.gov.
SUPPLEMENTARY INFORMATION: In the
final rules section of this Federal
Register, EPA is approving the State’s
SIP submittal as a direct final rule
without prior proposal because the
Agency views this as a noncontroversial
submittal and anticipates no adverse
comments. A detailed rationale for the
approval is set forth in the direct final
rule. If no adverse comments are
received in response to this action rule,
no further activity is contemplated. If
EPA receives adverse comments, the
direct final rule will be withdrawn and
all public comments received will be
addressed in a subsequent final rule
based on this proposed rule. EPA will
not institute a second comment period.
Any parties interested in commenting
on this action should do so at this time.
Please note that if EPA receives adverse
comment on an amendment, paragraph,
or section of this rule and if that
provision may be severed from the
remainder of the rule, EPA may adopt
as final those provisions of the rule that
are not the subject of an adverse
comment.
For additional information, see the
direct final rule which is located in the
‘‘Rules and Regulations’’ section of this
Federal Register.
Dated: January 18, 2006.
Richard E. Greene,
Regional Administrator, Region 6.
[FR Doc. 06–759 Filed 1–26–06; 8:45 am]
BILLING CODE 6560–50–P
E:\FR\FM\27JAP1.SGM
27JAP1
]]>Agencies
[Federal Register Volume 71, Number 18 (Friday, January 27, 2006)]
[Proposed Rules]
[Pages 4541-4543]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-815]
=======================================================================
-----------------------------------------------------------------------
NATIONAL ARCHIVES AND RECORDS ADMINISTRATION
Information Security Oversight Office
32 CFR Part 2004
RIN 3095-AB34
Information Security Oversight Office; National Industrial
Security Program Directive No. 1
AGENCY: Information Security Oversight Office (ISOO), National Archives
and Records Administration (NARA).
ACTION: Implementing directive; proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Information Security Oversight Office (ISOO), National
Archives and Records Administration (NARA), is publishing this
Directive as a proposed rule and pursuant to section 102(b)(1) of
Executive Order 12829, as amended, relating to the National Industrial
Security Program. This order establishes a National Industrial Security
Program (NISP) to safeguard Federal Government classified information
that is released to contractors, licensees, and grantees of the United
States Government. Redundant, overlapping, or unnecessary requirements
impede those interests. Therefore, the NISP serves as the single,
integrated, cohesive industrial security program to protect classified
information and to preserve our Nation's economic and technological
interests. This Directive sets forth guidance to agencies to set
uniform standards throughout the NISP that promote these objectives.
DATES: Comments must be received on or before March 13, 2006.
ADDRESSES: You may submit comments, identified by ``RIN 3095-AB34,'' by
any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov. Follow the
instructions for submitting comments.
E-mail: comments@nara.gov. Include ``RIN 3095-AB34'' in the subject
line of the message.
Fax: (301) 837-0319.
Mail: Regulation Comments Desk (NPOL), Room 4100, National Archives
[[Page 4542]]
and Records Administration, 8601 Adelphi Road, College Park, MD 20740-
6001.
Hand Delivery/Courier: Regulation Comments Desk (NPOL), Room 4100,
National Archives and Records Administration, 8601 Adelphi Road,
College Park, MD 20740-6001.
FOR FURTHER INFORMATION CONTACT: J. William Leonard, Director, ISOO, at
202-219-5250.
SUPPLEMENTARY INFORMATION: This proposed rule is being issued pursuant
to the provisions of section 102(b)(1) of Executive Order 12829,
January 6, 2003 (58 FR 3479), as amended by Executive Order 12885,
December 14, 1993, (58 FR 65863). The purpose of this Directive is to
assist in implementing the Order; users of the Directive shall refer
concurrently to that Order for guidance. As of November 17, 1995, ISOO
became a part of NARA. The drafting, coordination, and issuance of this
Directive fulfills one of the responsibilities of the implementation
delegated to the ISOO Director. ISOO maintains oversight over Executive
Order 12958, as amended, and policy oversight over Executive Order
12829, as amended. Nothing in this directive shall be construed to
supersede the authority of the Secretary of Energy or the Nuclear
Regulatory Commission under the Atomic Energy Act of 1954, as amended
(42 U.S.C. 2011 et seq.), or the authority of the Director of Central
Intelligence under the National Security Act of 1947, as amended, or
Executive Order No. 12333 of December 8, 1981, or the authority of the
Director of National Intelligence under the Intelligence Reform and
Terrorism Prevention Act of 2004. Requirements of the latter Act will
necessitate additional future changes to Executive Order 12829 and this
implementing Directive. The interpretive guidance contained in this
proposed rule will assist agencies in implementing Executive Order
12829, as amended.
The proposed rule is [not] a significant regulatory action for the
purposes of Executive Order 12866. The proposed rule is [not] a major
rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency
Rulemaking. As required by the Regulatory Flexibility Act, we certify
that this proposed rule will [not] have a significant impact on a
substantial number of small entities because it applies only to Federal
agencies.
List of Subjects in 32 CFR Part 2004
Classified information.
1. For the reasons set forth in the preamble, NARA proposes to
amend Title 32 of the Code of Federal Regulations to add part 2004 as
follows:
PART 2004--NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1
Subpart A--Implementation and Oversight
Sec.
2004.10 Responsibilities of the Director, Information Security
Oversight Office (ISOO) [102(b)].
2004.11 Agency implementing regulations, internal rules, or
guidelines [102(b)(3)].
2004.12 Reviews by ISOO [102(b)(4)].
Subpart B--Operations
2004.20 National Industrial Security Program Operating Manual
(NISPOM) [201(a)].
2004.21 Protection of classified information [201(e)].
2004.22 Operational responsibilities [202(a)].
2004.23 Cost reports [203 (d)].
2004.24 Definitions.
Authority: Section 102(b)(1) of Executive Order 12829, January
6, 2003, 58 FR 3479, as amended by Executive Order 12885, December
14, 1993, 58 FR 65863.
Subpart A--Implementation and Oversight
Sec. 2004.10 Responsibilities of the Director, Information Security
Oversight Office (ISOO) [102(b)].1
---------------------------------------------------------------------------
\1\ Bracketed references pertain to related sections of
Executive Order 12829, as amended by E.O. 12885.
---------------------------------------------------------------------------
The Director ISOO shall:
(a) Implement EO 12829, as amended.
(b) Ensure that the NISP is operated as a single, integrated
program across the Executive Branch of the Federal Government; i.e.,
that the Executive Branch departments and agencies adhere to NISP
principles.
(c) Ensure that each contractor's implementation of the NISP is
overseen by a single Cognizant Security Authority (CSA), based on a
preponderance of classified contracts per agreement by the CSAs.
(d) Ensure that all Executive Branch departments and agencies that
contract for classified work have included the Security Requirements
clause, 52.204-2, from the Federal Acquisition Regulation (FAR), or an
equivalent clause, in such contract.
(e) Ensure that those Executive Branch departments and agencies for
which the Department of Defense (DoD) serves as the CSA have entered
into agreements with the DoD that establish the terms of the
Secretary's responsibilities on behalf of those agency heads.
Sec. 2004.11 Agency implementing regulations, internal rules, or
guidelines [102(b)(3)].
(a) Reviews and Updates. All implementing regulations, internal
rules, or guidelines that pertain to the NISP shall be reviewed and
updated by the originating agency, as circumstances require. If a
change in national policy necessitates a change in agency implementing
regulations, internal rules, or guidelines that pertain to the NISP,
the agency shall promptly issue revisions.
(b) Reviews by ISOO. The Director, ISOO, shall review agency
implementing regulations, internal rules, or guidelines, as necessary,
to ensure consistency with NISP policies and procedures. Such reviews
should normally occur during routine oversight visits, when there is
indication of a problem that comes to the attention of the Director,
ISOO, or after a change in national policy that impacts such
regulations, rules, or guidelines. The Director, ISOO, shall provide
findings from such reviews to the responsible department or agency.
Sec. 2004.12 Reviews by ISOO [102(b)(4)].
The Director, ISOO, shall fulfill his monitoring role based, in
part, on information received from NISP Policy Advisory Committee
(NISPPAC) members, from on-site reviews that ISOO conducts under the
authority of EO 12829, as amended, and from complaints and suggestions
from persons within or outside the Government. Findings shall be
reported to the responsible department or agency.
Subpart B--Operations
Sec. 2004.20 National Industrial Security Program Operating Manual
(NISPOM) [201(a)].
(a) The NISPOM applies to release of classified information during
all phases of the contracting process.
(b) As a general rule, procedures for safeguarding classified
information by contractors and recommendations for changes shall be
addressed through the NISPOM coordination process that shall be
facilitated by the Executive Agent. The Executive Agent shall address
NISPOM issues that surface from industry, Executive Branch departments
and agencies, or the NISPPAC. When consensus cannot be achieved through
the NISPOM coordination process, the issue shall be raised to the NSC
for resolution.
Sec. 2004.21 Protection of classified information [201(e)].
Procedures for the safeguarding of classified information by
contractors are
[[Page 4543]]
promulgated in the NISPOM. DoD, as the Executive Agent, shall use
standards applicable to agencies as the basis for the requirements,
restrictions, and safeguards contained in the NISPOM; however, the
NISPOM requirements may be designed to accommodate as necessary the
unique circumstances of industry. Any issue pertaining to deviation of
industry requirements in the NISPOM from the standards applicable to
agencies shall be addressed through the NISPOM coordination process.
Sec. 2004.22 Operational responsibilities [202(a)].
(a) Designation of Cognizant Security Authority (CSA). The CSA for
a contractor shall be determined by the preponderance of classified
contract activity per agreement by the CSAs. The responsible CSA shall
conduct oversight inspections of contractor security programs and
provide other support services to contractors as necessary to ensure
compliance with the NISPOM and that contractors are protecting
classified information as required. DoD, as Executive Agent, shall
serve as the CSA for all Executive Branch departments and agencies that
are not a designated CSA. As such, DoD shall:
(1) Provide training to industry to ensure that industry
understands the responsibilities associated with protecting classified
information.
(2) Validate the need for contractor access to classified
information, shall establish a system to request personnel security
investigations for contractor personnel, and shall ensure adequate
funding for investigations of those contractors under Department of
Defense cognizance.
(3) Maintain a system of eligibility and access determinations of
contractor personnel.
(b) General Responsibilities. Executive Branch departments and
agencies that issue contracts requiring industry to have access to
classified information and are not a designated CSA shall:
(1) Include the Security Requirements clause, 52.204-2, from the
FAR in such contracts;
(2) Incorporate a Contract Security Classification Specification
(DD 254) into the contracts in accordance with the FAR subpart 4.4;
(3) Sign agreements with the Department of Defense as the Executive
Agent for industrial security services; and
(4) Ensure applicable department and agency personnel having NISP
implementation responsibilities are provided appropriate education and
training.
Sec. 2004.23 Cost reports [203 (d)].
(a) The Executive Branch departments and agencies shall provide
information each year to the Director, ISOO, on the costs within the
agency associated with implementation of the NISP for the previous
year.
(b) The DoD as the Executive Agent shall develop a cost methodology
in coordination with industry to collect the costs incurred by
contractors of all Executive Branch departments and agencies to
implement the NISP, and shall report those costs to the Director, ISOO,
on an annual basis.
Sec. 2004.24 Definitions.
For the purposes of this part the following definitions apply:
(a) Cognizant Security Agencies (CSAs) means the Executive Branch
departments and agencies authorized in EO 12829, as amended, to
establish industrial security programs: the Department of Defense,
designated as the Executive Agent; the Department of Energy; the
Nuclear Regulatory Commission; and the Central Intelligence Agency.
(b) Contractor means any industrial, education, commercial, or
other entity, to include licensees or grantees that has been granted
access to classified information. Contractor does not include
individuals engaged under personal services contracts.
Dated: December 5, 2005.
J. William Leonard,
Director, Information Security Oversight Office.
Approved: January 14, 2006.
Allen Weinstein,
Archivist of the United States.
[FR Doc. E6-815 Filed 1-26-06; 8:45 am]
BILLING CODE 7515-01-P
