The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information.
The NISP was established in 1993 by Executive Order 12829. The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission.
Defense Counterintelligence and Security Agency administers the NISP on behalf of the Department of Defense and 34 other federal agencies.
NISP Operating Manual (DoD 5220.22-M)
A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information. The current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:
* Chapter 1 – General Provisions and Requirements
* Chapter 2 – Security Clearances
** Section 1 – Facility Clearances
** Section 2 – Personnel Security Clearances
** Section 3 – Foreign Ownership, Control, or Influence (FOCI)
* Chapter 3 – Security Training and Briefings
* Chapter 4 – Classification and Marking
* Chapter 5 – Safeguarding Classified Information
* Chapter 6 – Visits and Meetings
* Chapter 7 – Subcontracting
* Chapter 8 – Information System Security
* Chapter 9 – Special Requirements
** Section 1 – RD and FRD
** Section 2 – DoD Critical Nuclear Weapon Design Information (CNWDI)
** Section 3 – Intelligence Information
** Section 4 – Communication Security (COMSEC)
* Chapter 10 – International Security Requirements
* Chapter 11 – Miscellaneous Information
** Section 1 – TEMPEST
** Section 2 – Defense Technical Information Center (DTIC)
** Section 3 – Independent Research and Development (IR&D) Efforts
* Appendices
Data sanitization
DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document). Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a ''Clearing and Sanitization Matrix'' (C&SM) which does specify methods. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.
[NIST (2014-12-18). Unrelated to NISP or NISPOM, National Institute of Standards and Technology (NIST) Computer Security Division Released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, 18 December 2014. Retrieved from http://csrc.nist.gov/news_events/news_archive/news_archive_2014.html#dec18.]