Information Security Oversight Office; National Industrial Security Program Directive No. 1, 4541-4543 [E6-815]

Download as PDF Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules application filed pursuant to paragraph (a) of this section. (c) All potentially affected qualifying facilities shall include: (1) Those qualifying facilities that have existing power purchase contracts with the applicant; (2) Other qualifying facilities that sell their output to the applicant or that have pending self-certification or Commission certification with the Commission for qualifying facility status whereby the applicant will be the purchaser of the qualifying facility’s output; (3) Any developer of generating facilities with whom the applicant has agreed to enter into power purchase contracts or are in discussion with regard to power purchase contacts; (4) The developers of facilities that have pending state avoided cost proceedings; and (5) Any other qualifying facilities that the applicant reasonably believes to be affected by its application filed pursuant to paragraph (a) of this section. § 292.311 Reinstatement of obligation to purchase. rmajette on PROD1PC67 with PROPOSALS At any time after the Commission makes a finding under § 292.310 relieving an electric utility of its obligation to purchase electric energy, a qualifying cogeneration facility, a qualifying small power production facility, a State agency, or any other affected person may apply to the Commission for an order reinstating the electric utility’s obligation to purchase electric energy under this section, if there has been a change in the conditions upon which the Commission based its finding. Such application shall set forth the factual basis upon which the application is based and describe why the conditions set forth in § 292.309 (a)(1), (2) or (3) are no longer met. After notice, including sufficient notice to potentially affected utilities, and opportunity for comment, the Commission shall issue an order within 90 days of such application reinstating the electric utility’s obligation to purchase electric energy under this section if the Commission finds that the conditions set forth in § 292.309 (a)(1), (2), or (3) which relieved the obligation to purchase, are no longer met. § 292.312 Procedures for utilities requesting termination of obligation to sell to qualifying facilities. (a) An electric utility shall not be required to enter into a new contract or obligation to sell electric energy to a qualifying small power production facility, an existing qualifying cogeneration qualifying facility, or a VerDate Aug<31>2005 15:15 Jan 26, 2006 Jkt 208001 new qualifying cogeneration facility if the Commission has found that: (1) Competing retail electric suppliers are willing and able to sell and deliver electric energy to the qualifying cogeneration facility or qualifying small power production facility; and (2) The electric utility is not required by State law to sell electric energy in its service territory. (b) Any electric utility may file an application with this Commission for relief from the mandatory obligation to sell under this paragraph on a service territory-wide basis or a single qualifying facility basis. Such application shall set forth the factual basis upon which relief is requested and describe why the conditions set forth in paragraphs (a)(1) and (a)(2) of this section have been met. After notice, including sufficient notice to potentially affected qualifying facilities, and an opportunity for comment, the Commission shall make a final determination within 90 days of such application regarding whether the conditions set forth in paragraphs (a)(1) and (a)(2) of this section have been met. § 292.313 sell. Reinstatement of obligation to At any time after the Commission makes a finding under § 292.312 relieving an electric utility of its obligation to sell electric energy, a qualifying cogeneration facility, a qualifying small power production facility, a State agency, or any other affected person may apply to the Commission for an order reinstating the electric utility’s obligation to sell electric energy under this section, if there has been a change in the conditions upon which the Commission based its finding. Such application shall set forth the factual basis upon which the application is based and describe why the conditions set forth in § 292.312 (a)(1) and (a)(2) are no longer met. After notice, including sufficient notice to potentially affected utilities, and opportunity for comment, the Commission shall issue an order within 90 days of such application reinstating the electric utility’s obligation to sell electric energy under this section if the Commission finds that the conditions set forth in § 292.312 (a)(1) and (a)(2) are no longer met. § 292.314 Existing rights and remedies. Nothing in this §§ 292.303 through 292.314 affects the rights or remedies of any party under any contract or obligation, in effect or pending approval before the appropriate State regulatory authority or non-regulated electric utility on or before August 8, 2005, to PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 4541 purchase electric energy or capacity from or to sell electric energy or capacity to a qualifying cogeneration facility or qualifying small power production facility (including the right to recover costs of purchasing electric energy or capacity). [FR Doc. E6–940 Filed 1–26–06; 8:45 am] BILLING CODE 6717–01–P NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part 2004 RIN 3095–AB34 Information Security Oversight Office; National Industrial Security Program Directive No. 1 Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA). ACTION: Implementing directive; proposed rule. AGENCY: SUMMARY: The Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA), is publishing this Directive as a proposed rule and pursuant to section 102(b)(1) of Executive Order 12829, as amended, relating to the National Industrial Security Program. This order establishes a National Industrial Security Program (NISP) to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Redundant, overlapping, or unnecessary requirements impede those interests. Therefore, the NISP serves as the single, integrated, cohesive industrial security program to protect classified information and to preserve our Nation’s economic and technological interests. This Directive sets forth guidance to agencies to set uniform standards throughout the NISP that promote these objectives. DATES: Comments must be received on or before March 13, 2006. ADDRESSES: You may submit comments, identified by ‘‘RIN 3095–AB34,’’ by any of the following methods: Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. E-mail: comments@nara.gov. Include ‘‘RIN 3095–AB34’’ in the subject line of the message. Fax: (301) 837–0319. Mail: Regulation Comments Desk (NPOL), Room 4100, National Archives E:\FR\FM\27JAP1.SGM 27JAP1 rmajette on PROD1PC67 with PROPOSALS 4542 Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules and Records Administration, 8601 Adelphi Road, College Park, MD 20740– 6001. Hand Delivery/Courier: Regulation Comments Desk (NPOL), Room 4100, National Archives and Records Administration, 8601 Adelphi Road, College Park, MD 20740–6001. FOR FURTHER INFORMATION CONTACT: J. William Leonard, Director, ISOO, at 202–219–5250. SUPPLEMENTARY INFORMATION: This proposed rule is being issued pursuant to the provisions of section 102(b)(1) of Executive Order 12829, January 6, 2003 (58 FR 3479), as amended by Executive Order 12885, December 14, 1993, (58 FR 65863). The purpose of this Directive is to assist in implementing the Order; users of the Directive shall refer concurrently to that Order for guidance. As of November 17, 1995, ISOO became a part of NARA. The drafting, coordination, and issuance of this Directive fulfills one of the responsibilities of the implementation delegated to the ISOO Director. ISOO maintains oversight over Executive Order 12958, as amended, and policy oversight over Executive Order 12829, as amended. Nothing in this directive shall be construed to supersede the authority of the Secretary of Energy or the Nuclear Regulatory Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C. 2011 et seq.), or the authority of the Director of Central Intelligence under the National Security Act of 1947, as amended, or Executive Order No. 12333 of December 8, 1981, or the authority of the Director of National Intelligence under the Intelligence Reform and Terrorism Prevention Act of 2004. Requirements of the latter Act will necessitate additional future changes to Executive Order 12829 and this implementing Directive. The interpretive guidance contained in this proposed rule will assist agencies in implementing Executive Order 12829, as amended. The proposed rule is [not] a significant regulatory action for the purposes of Executive Order 12866. The proposed rule is [not] a major rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency Rulemaking. As required by the Regulatory Flexibility Act, we certify that this proposed rule will [not] have a significant impact on a substantial number of small entities because it applies only to Federal agencies. List of Subjects in 32 CFR Part 2004 Classified information. 1. For the reasons set forth in the preamble, NARA proposes to amend VerDate Aug<31>2005 15:15 Jan 26, 2006 Jkt 208001 Title 32 of the Code of Federal Regulations to add part 2004 as follows: § 2004.11 Agency implementing regulations, internal rules, or guidelines [102(b)(3)]. PART 2004—NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1 (a) Reviews and Updates. All implementing regulations, internal rules, or guidelines that pertain to the NISP shall be reviewed and updated by the originating agency, as circumstances require. If a change in national policy necessitates a change in agency implementing regulations, internal rules, or guidelines that pertain to the NISP, the agency shall promptly issue revisions. (b) Reviews by ISOO. The Director, ISOO, shall review agency implementing regulations, internal rules, or guidelines, as necessary, to ensure consistency with NISP policies and procedures. Such reviews should normally occur during routine oversight visits, when there is indication of a problem that comes to the attention of the Director, ISOO, or after a change in national policy that impacts such regulations, rules, or guidelines. The Director, ISOO, shall provide findings from such reviews to the responsible department or agency. Subpart A—Implementation and Oversight Sec. 2004.10 Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)]. 2004.11 Agency implementing regulations, internal rules, or guidelines [102(b)(3)]. 2004.12 Reviews by ISOO [102(b)(4)]. Subpart B—Operations 2004.20 National Industrial Security Program Operating Manual (NISPOM) [201(a)]. 2004.21 Protection of classified information [201(e)]. 2004.22 Operational responsibilities [202(a)]. 2004.23 Cost reports [203 (d)]. 2004.24 Definitions. Authority: Section 102(b)(1) of Executive Order 12829, January 6, 2003, 58 FR 3479, as amended by Executive Order 12885, December 14, 1993, 58 FR 65863. Subpart A—Implementation and Oversight § 2004.10 Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)].1 The Director ISOO shall: (a) Implement EO 12829, as amended. (b) Ensure that the NISP is operated as a single, integrated program across the Executive Branch of the Federal Government; i.e., that the Executive Branch departments and agencies adhere to NISP principles. (c) Ensure that each contractor’s implementation of the NISP is overseen by a single Cognizant Security Authority (CSA), based on a preponderance of classified contracts per agreement by the CSAs. (d) Ensure that all Executive Branch departments and agencies that contract for classified work have included the Security Requirements clause, 52.204–2, from the Federal Acquisition Regulation (FAR), or an equivalent clause, in such contract. (e) Ensure that those Executive Branch departments and agencies for which the Department of Defense (DoD) serves as the CSA have entered into agreements with the DoD that establish the terms of the Secretary’s responsibilities on behalf of those agency heads. 1 Bracketed references pertain to related sections of Executive Order 12829, as amended by E.O. 12885. PO 00000 Frm 00013 Fmt 4702 Sfmt 4702 § 2004.12 Reviews by ISOO [102(b)(4)]. The Director, ISOO, shall fulfill his monitoring role based, in part, on information received from NISP Policy Advisory Committee (NISPPAC) members, from on-site reviews that ISOO conducts under the authority of EO 12829, as amended, and from complaints and suggestions from persons within or outside the Government. Findings shall be reported to the responsible department or agency. Subpart B—Operations § 2004.20 National Industrial Security Program Operating Manual (NISPOM) [201(a)]. (a) The NISPOM applies to release of classified information during all phases of the contracting process. (b) As a general rule, procedures for safeguarding classified information by contractors and recommendations for changes shall be addressed through the NISPOM coordination process that shall be facilitated by the Executive Agent. The Executive Agent shall address NISPOM issues that surface from industry, Executive Branch departments and agencies, or the NISPPAC. When consensus cannot be achieved through the NISPOM coordination process, the issue shall be raised to the NSC for resolution. § 2004.21 Protection of classified information [201(e)]. Procedures for the safeguarding of classified information by contractors are E:\FR\FM\27JAP1.SGM 27JAP1 Federal Register / Vol. 71, No. 18 / Friday, January 27, 2006 / Proposed Rules promulgated in the NISPOM. DoD, as the Executive Agent, shall use standards applicable to agencies as the basis for the requirements, restrictions, and safeguards contained in the NISPOM; however, the NISPOM requirements may be designed to accommodate as necessary the unique circumstances of industry. Any issue pertaining to deviation of industry requirements in the NISPOM from the standards applicable to agencies shall be addressed through the NISPOM coordination process. rmajette on PROD1PC67 with PROPOSALS § 2004.22 [202(a)]. Operational responsibilities 15:15 Jan 26, 2006 Jkt 208001 Cost reports [203 (d)]. (a) The Executive Branch departments and agencies shall provide information each year to the Director, ISOO, on the costs within the agency associated with implementation of the NISP for the previous year. (b) The DoD as the Executive Agent shall develop a cost methodology in coordination with industry to collect the costs incurred by contractors of all Executive Branch departments and agencies to implement the NISP, and shall report those costs to the Director, ISOO, on an annual basis. § 2004.24 (a) Designation of Cognizant Security Authority (CSA). The CSA for a contractor shall be determined by the preponderance of classified contract activity per agreement by the CSAs. The responsible CSA shall conduct oversight inspections of contractor security programs and provide other support services to contractors as necessary to ensure compliance with the NISPOM and that contractors are protecting classified information as required. DoD, as Executive Agent, shall serve as the CSA for all Executive Branch departments and agencies that are not a designated CSA. As such, DoD shall: (1) Provide training to industry to ensure that industry understands the responsibilities associated with protecting classified information. (2) Validate the need for contractor access to classified information, shall establish a system to request personnel security investigations for contractor personnel, and shall ensure adequate funding for investigations of those contractors under Department of Defense cognizance. (3) Maintain a system of eligibility and access determinations of contractor personnel. (b) General Responsibilities. Executive Branch departments and agencies that issue contracts requiring industry to have access to classified information and are not a designated CSA shall: (1) Include the Security Requirements clause, 52.204–2, from the FAR in such contracts; (2) Incorporate a Contract Security Classification Specification (DD 254) into the contracts in accordance with the FAR subpart 4.4; (3) Sign agreements with the Department of Defense as the Executive Agent for industrial security services; and (4) Ensure applicable department and agency personnel having NISP implementation responsibilities are provided appropriate education and training. VerDate Aug<31>2005 § 2004.23 Definitions. For the purposes of this part the following definitions apply: (a) Cognizant Security Agencies (CSAs) means the Executive Branch departments and agencies authorized in EO 12829, as amended, to establish industrial security programs: the Department of Defense, designated as the Executive Agent; the Department of Energy; the Nuclear Regulatory Commission; and the Central Intelligence Agency. (b) Contractor means any industrial, education, commercial, or other entity, to include licensees or grantees that has been granted access to classified information. Contractor does not include individuals engaged under personal services contracts. Dated: December 5, 2005. J. William Leonard, Director, Information Security Oversight Office. Approved: January 14, 2006. Allen Weinstein, Archivist of the United States. [FR Doc. E6–815 Filed 1–26–06; 8:45 am] BILLING CODE 7515–01–P ENVIRONMENTAL PROTECTION AGENCY 40 CFR Part 52 [NM–4–1–5208b; FRL–8025–4] Approval and Promulgation of Implementation Plans; New Mexico, Visibility Environmental Protection Agency (EPA). ACTION: Proposed rule. AGENCY: SUMMARY: EPA is proposing to approve a revision to the New Mexico State Implementation Plan (SIP). This revision satisfies the New Source Review (NSR) and monitoring plan requirements for visibility, otherwise known as the ‘‘Phase I, Part I Visibility PO 00000 Frm 00014 Fmt 4702 Sfmt 4702 4543 SIP.;’’ In addition, this revision includes the implementation control strategies, integral vistas protection, and long term strategies, otherwise known as the ‘‘Phase I, Part II Visibility SIP.’’ Lastly, EPA is proposing to remove the SIP disapprovals associated with Phase I, Parts I and II, and the resultant Federal Implementation Plans (FIPs). DATES: Written comments must be received on or before February 27, 2006. ADDRESSES: Comments may be mailed to Mr. Thomas Diggs, Chief, Air Planning Section (6PD–L), Environmental Protection Agency, 1445 Ross Avenue, Suite 1200, Dallas, Texas 75202–2733. Comments may also be submitted electronically or through hand delivery/ courier by following the detailed instructions in the ADDRESSES section of the direct final rule located in the rules section of this Federal Register. FOR FURTHER INFORMATION CONTACT: Joe Kordzi, Air Planning Section (6PD–L), Environmental Protection Agency, Region 6, 1445 Ross Avenue, Suite 700, Dallas, Texas 75202–2733, telephone (214) 665–7186; fax number 214–665– 7263; e-mail address kordzi.joe@epa.gov. SUPPLEMENTARY INFORMATION: In the final rules section of this Federal Register, EPA is approving the State’s SIP submittal as a direct final rule without prior proposal because the Agency views this as a noncontroversial submittal and anticipates no adverse comments. A detailed rationale for the approval is set forth in the direct final rule. If no adverse comments are received in response to this action rule, no further activity is contemplated. If EPA receives adverse comments, the direct final rule will be withdrawn and all public comments received will be addressed in a subsequent final rule based on this proposed rule. EPA will not institute a second comment period. Any parties interested in commenting on this action should do so at this time. Please note that if EPA receives adverse comment on an amendment, paragraph, or section of this rule and if that provision may be severed from the remainder of the rule, EPA may adopt as final those provisions of the rule that are not the subject of an adverse comment. For additional information, see the direct final rule which is located in the ‘‘Rules and Regulations’’ section of this Federal Register. Dated: January 18, 2006. Richard E. Greene, Regional Administrator, Region 6. [FR Doc. 06–759 Filed 1–26–06; 8:45 am] BILLING CODE 6560–50–P E:\FR\FM\27JAP1.SGM 27JAP1

Agencies

[Federal Register Volume 71, Number 18 (Friday, January 27, 2006)]
[Proposed Rules]
[Pages 4541-4543]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-815]


=======================================================================
-----------------------------------------------------------------------

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION

Information Security Oversight Office

32 CFR Part 2004

RIN 3095-AB34


Information Security Oversight Office; National Industrial 
Security Program Directive No. 1

AGENCY: Information Security Oversight Office (ISOO), National Archives 
and Records Administration (NARA).

ACTION: Implementing directive; proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Information Security Oversight Office (ISOO), National 
Archives and Records Administration (NARA), is publishing this 
Directive as a proposed rule and pursuant to section 102(b)(1) of 
Executive Order 12829, as amended, relating to the National Industrial 
Security Program. This order establishes a National Industrial Security 
Program (NISP) to safeguard Federal Government classified information 
that is released to contractors, licensees, and grantees of the United 
States Government. Redundant, overlapping, or unnecessary requirements 
impede those interests. Therefore, the NISP serves as the single, 
integrated, cohesive industrial security program to protect classified 
information and to preserve our Nation's economic and technological 
interests. This Directive sets forth guidance to agencies to set 
uniform standards throughout the NISP that promote these objectives.

DATES: Comments must be received on or before March 13, 2006.

ADDRESSES: You may submit comments, identified by ``RIN 3095-AB34,'' by 
any of the following methods:
    Federal eRulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    E-mail: comments@nara.gov. Include ``RIN 3095-AB34'' in the subject 
line of the message.
    Fax: (301) 837-0319.
    Mail: Regulation Comments Desk (NPOL), Room 4100, National Archives

[[Page 4542]]

and Records Administration, 8601 Adelphi Road, College Park, MD 20740-
6001.
    Hand Delivery/Courier: Regulation Comments Desk (NPOL), Room 4100, 
National Archives and Records Administration, 8601 Adelphi Road, 
College Park, MD 20740-6001.

FOR FURTHER INFORMATION CONTACT: J. William Leonard, Director, ISOO, at 
202-219-5250.

SUPPLEMENTARY INFORMATION: This proposed rule is being issued pursuant 
to the provisions of section 102(b)(1) of Executive Order 12829, 
January 6, 2003 (58 FR 3479), as amended by Executive Order 12885, 
December 14, 1993, (58 FR 65863). The purpose of this Directive is to 
assist in implementing the Order; users of the Directive shall refer 
concurrently to that Order for guidance. As of November 17, 1995, ISOO 
became a part of NARA. The drafting, coordination, and issuance of this 
Directive fulfills one of the responsibilities of the implementation 
delegated to the ISOO Director. ISOO maintains oversight over Executive 
Order 12958, as amended, and policy oversight over Executive Order 
12829, as amended. Nothing in this directive shall be construed to 
supersede the authority of the Secretary of Energy or the Nuclear 
Regulatory Commission under the Atomic Energy Act of 1954, as amended 
(42 U.S.C. 2011 et seq.), or the authority of the Director of Central 
Intelligence under the National Security Act of 1947, as amended, or 
Executive Order No. 12333 of December 8, 1981, or the authority of the 
Director of National Intelligence under the Intelligence Reform and 
Terrorism Prevention Act of 2004. Requirements of the latter Act will 
necessitate additional future changes to Executive Order 12829 and this 
implementing Directive. The interpretive guidance contained in this 
proposed rule will assist agencies in implementing Executive Order 
12829, as amended.
    The proposed rule is [not] a significant regulatory action for the 
purposes of Executive Order 12866. The proposed rule is [not] a major 
rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency 
Rulemaking. As required by the Regulatory Flexibility Act, we certify 
that this proposed rule will [not] have a significant impact on a 
substantial number of small entities because it applies only to Federal 
agencies.

List of Subjects in 32 CFR Part 2004

    Classified information.

    1. For the reasons set forth in the preamble, NARA proposes to 
amend Title 32 of the Code of Federal Regulations to add part 2004 as 
follows:

PART 2004--NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1

Subpart A--Implementation and Oversight
Sec.
2004.10 Responsibilities of the Director, Information Security 
Oversight Office (ISOO) [102(b)].
2004.11 Agency implementing regulations, internal rules, or 
guidelines [102(b)(3)].
2004.12 Reviews by ISOO [102(b)(4)].
Subpart B--Operations
2004.20 National Industrial Security Program Operating Manual 
(NISPOM) [201(a)].
2004.21 Protection of classified information [201(e)].
2004.22 Operational responsibilities [202(a)].
2004.23 Cost reports [203 (d)].
2004.24 Definitions.

    Authority: Section 102(b)(1) of Executive Order 12829, January 
6, 2003, 58 FR 3479, as amended by Executive Order 12885, December 
14, 1993, 58 FR 65863.

Subpart A--Implementation and Oversight


Sec.  2004.10  Responsibilities of the Director, Information Security 
Oversight Office (ISOO) [102(b)].1
---------------------------------------------------------------------------

    \1\ Bracketed references pertain to related sections of 
Executive Order 12829, as amended by E.O. 12885.
---------------------------------------------------------------------------

    The Director ISOO shall:
    (a) Implement EO 12829, as amended.
    (b) Ensure that the NISP is operated as a single, integrated 
program across the Executive Branch of the Federal Government; i.e., 
that the Executive Branch departments and agencies adhere to NISP 
principles.
    (c) Ensure that each contractor's implementation of the NISP is 
overseen by a single Cognizant Security Authority (CSA), based on a 
preponderance of classified contracts per agreement by the CSAs.
    (d) Ensure that all Executive Branch departments and agencies that 
contract for classified work have included the Security Requirements 
clause, 52.204-2, from the Federal Acquisition Regulation (FAR), or an 
equivalent clause, in such contract.
    (e) Ensure that those Executive Branch departments and agencies for 
which the Department of Defense (DoD) serves as the CSA have entered 
into agreements with the DoD that establish the terms of the 
Secretary's responsibilities on behalf of those agency heads.


Sec.  2004.11  Agency implementing regulations, internal rules, or 
guidelines [102(b)(3)].

    (a) Reviews and Updates. All implementing regulations, internal 
rules, or guidelines that pertain to the NISP shall be reviewed and 
updated by the originating agency, as circumstances require. If a 
change in national policy necessitates a change in agency implementing 
regulations, internal rules, or guidelines that pertain to the NISP, 
the agency shall promptly issue revisions.
    (b) Reviews by ISOO. The Director, ISOO, shall review agency 
implementing regulations, internal rules, or guidelines, as necessary, 
to ensure consistency with NISP policies and procedures. Such reviews 
should normally occur during routine oversight visits, when there is 
indication of a problem that comes to the attention of the Director, 
ISOO, or after a change in national policy that impacts such 
regulations, rules, or guidelines. The Director, ISOO, shall provide 
findings from such reviews to the responsible department or agency.


Sec.  2004.12  Reviews by ISOO [102(b)(4)].

    The Director, ISOO, shall fulfill his monitoring role based, in 
part, on information received from NISP Policy Advisory Committee 
(NISPPAC) members, from on-site reviews that ISOO conducts under the 
authority of EO 12829, as amended, and from complaints and suggestions 
from persons within or outside the Government. Findings shall be 
reported to the responsible department or agency.

Subpart B--Operations


Sec.  2004.20  National Industrial Security Program Operating Manual 
(NISPOM) [201(a)].

    (a) The NISPOM applies to release of classified information during 
all phases of the contracting process.
    (b) As a general rule, procedures for safeguarding classified 
information by contractors and recommendations for changes shall be 
addressed through the NISPOM coordination process that shall be 
facilitated by the Executive Agent. The Executive Agent shall address 
NISPOM issues that surface from industry, Executive Branch departments 
and agencies, or the NISPPAC. When consensus cannot be achieved through 
the NISPOM coordination process, the issue shall be raised to the NSC 
for resolution.


Sec.  2004.21  Protection of classified information [201(e)].

    Procedures for the safeguarding of classified information by 
contractors are

[[Page 4543]]

promulgated in the NISPOM. DoD, as the Executive Agent, shall use 
standards applicable to agencies as the basis for the requirements, 
restrictions, and safeguards contained in the NISPOM; however, the 
NISPOM requirements may be designed to accommodate as necessary the 
unique circumstances of industry. Any issue pertaining to deviation of 
industry requirements in the NISPOM from the standards applicable to 
agencies shall be addressed through the NISPOM coordination process.


Sec.  2004.22  Operational responsibilities [202(a)].

    (a) Designation of Cognizant Security Authority (CSA). The CSA for 
a contractor shall be determined by the preponderance of classified 
contract activity per agreement by the CSAs. The responsible CSA shall 
conduct oversight inspections of contractor security programs and 
provide other support services to contractors as necessary to ensure 
compliance with the NISPOM and that contractors are protecting 
classified information as required. DoD, as Executive Agent, shall 
serve as the CSA for all Executive Branch departments and agencies that 
are not a designated CSA. As such, DoD shall:
    (1) Provide training to industry to ensure that industry 
understands the responsibilities associated with protecting classified 
information.
    (2) Validate the need for contractor access to classified 
information, shall establish a system to request personnel security 
investigations for contractor personnel, and shall ensure adequate 
funding for investigations of those contractors under Department of 
Defense cognizance.
    (3) Maintain a system of eligibility and access determinations of 
contractor personnel.
    (b) General Responsibilities. Executive Branch departments and 
agencies that issue contracts requiring industry to have access to 
classified information and are not a designated CSA shall:
    (1) Include the Security Requirements clause, 52.204-2, from the 
FAR in such contracts;
    (2) Incorporate a Contract Security Classification Specification 
(DD 254) into the contracts in accordance with the FAR subpart 4.4;
    (3) Sign agreements with the Department of Defense as the Executive 
Agent for industrial security services; and
    (4) Ensure applicable department and agency personnel having NISP 
implementation responsibilities are provided appropriate education and 
training.


Sec.  2004.23  Cost reports [203 (d)].

    (a) The Executive Branch departments and agencies shall provide 
information each year to the Director, ISOO, on the costs within the 
agency associated with implementation of the NISP for the previous 
year.
    (b) The DoD as the Executive Agent shall develop a cost methodology 
in coordination with industry to collect the costs incurred by 
contractors of all Executive Branch departments and agencies to 
implement the NISP, and shall report those costs to the Director, ISOO, 
on an annual basis.


Sec.  2004.24  Definitions.

    For the purposes of this part the following definitions apply:
    (a) Cognizant Security Agencies (CSAs) means the Executive Branch 
departments and agencies authorized in EO 12829, as amended, to 
establish industrial security programs: the Department of Defense, 
designated as the Executive Agent; the Department of Energy; the 
Nuclear Regulatory Commission; and the Central Intelligence Agency.
    (b) Contractor means any industrial, education, commercial, or 
other entity, to include licensees or grantees that has been granted 
access to classified information. Contractor does not include 
individuals engaged under personal services contracts.

    Dated: December 5, 2005.
J. William Leonard,
Director, Information Security Oversight Office.
    Approved: January 14, 2006.
Allen Weinstein,
Archivist of the United States.
[FR Doc. E6-815 Filed 1-26-06; 8:45 am]
BILLING CODE 7515-01-P