DOD 5220

The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information. The NISP was established in 1993 by Executive Order 12829. The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office (ISOO) is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. The Defense Counterintelligence and Security Agency administers the NISP on behalf of the Department of Defense and 34 other federal agencies.


NISP Operating Manual (DoD 5220.22-M)

A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information. The current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:

* Chapter 1 – General Provisions and Requirements
* Chapter 2 – Security Clearances
** Section 1 – Facility Clearances
** Section 2 – Personnel Security Clearances
** Section 3 – Foreign Ownership, Control, or Influence (FOCI)
* Chapter 3 – Security Training and Briefings
* Chapter 4 – Classification and Marking
* Chapter 5 – Safeguarding Classified Information
* Chapter 6 – Visits and Meetings
* Chapter 7 – Subcontracting
* Chapter 8 – Information System Security
* Chapter 9 – Special Requirements
** Section 1 – RD and FRD
** Section 2 – DoD Critical Nuclear Weapon Design Information (CNWDI)
** Section 3 – Intelligence Information
** Section 4 – Communication Security (COMSEC)
* Chapter 10 – International Security Requirements
* Chapter 11 – Miscellaneous Information
** Section 1 – TEMPEST
** Section 2 – Defense Technical Information Center (DTIC)
** Section 3 – Independent Research and Development (IR&D) Efforts
* Appendices


Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document). Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service (DSS) provides a Clearing and Sanitization Matrix (C&SM) which does specify methods. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Unrelated to the NISP or NISPOM, the National Institute of Standards and Technology (NIST) Computer Security Division released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, on 18 December 2014 (https://csrc.nist.gov/pubs/sp/800/88/r1/final).


External links


EO-12829 overview ("National Industrial Security Program")

EO-12829 PDF

