National Industrial Security Program

The National Industrial Security Program, or NISP, is the nominal authority in the United States for managing the needs of private industry to access classified information.

The NISP was established in 1993 by Executive Order 12829.[1] The National Security Council nominally sets policy for the NISP, while the Director of the Information Security Oversight Office is nominally the authority for implementation. Under the ISOO, the Secretary of Defense is nominally the Executive Agent, but the NISP recognizes four different Cognizant Security Agencies, all of which have equal authority: the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission.[2]

NISP Operating Manual (DoD 5220.22-M)

A major component of the NISP is the NISP Operating Manual, also called NISPOM, or DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors, with regards to classified information. As of 2017, the current NISPOM edition is dated 28 Feb 2006. Chapters and selected sections of this edition are:[3]

  • Chapter 1 – General Provisions and Requirements
  • Chapter 2 – Security Clearances
    • Section 1 – Facility Clearances
    • Section 2 – Personnel Security Clearances
    • Section 3 – Foreign Ownership, Control, or Influence (FOCI)
  • Chapter 3 – Security Training and Briefings
  • Chapter 4 – Classification and Marking
  • Chapter 5 – Safeguarding Classified Information
  • Chapter 6 – Visits and Meetings
  • Chapter 7 – Subcontracting
  • Chapter 8 – Information System Security
  • Chapter 9 – Special Requirements
  • Chapter 10 – International Security Requirements
  • Chapter 11 – Miscellaneous Information
  • Appendices

Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government–industrial security, of which data sanitization is a very small part (about two paragraphs in a 141-page document).[4] Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.[5] As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.[6]

gollark: You can get an idea of what things are likely or unlikely. The monetary incentive is somewhat important.
gollark: This is one of those annoying things where we're limited to wild speculation so probably don't do anything weird businesswise.
gollark: Democratic ones theoretically allow more input from everyone, which should lead to decisions which consider their interests more and take into account information people know, but also run into whatever issues existing democracies have plus probably exciting new ones due to presumably having a direct democracy voting on a lot of things.
gollark: Hierarchical ones (theoretically) allow clear direction and management from the top but also lack input from lower levels and are vulnerable to the top people being wrong/bad.
gollark: Before trying to think of ideas for organization structure it might be good to clarify what exactly the organizational structure should do/allow/optimize.

References

  1. "Executive Order 12829". FAS website. Retrieved 2007-04-01.
  2. "NISP Brochure" (PDF). DSS. Archived from the original (PDF) on 2006-04-20. Retrieved 2007-04-01. (59 KB)
  3. "Download NISPOM". DSS. Retrieved 2010-11-10.
  4. DoD (2006-02-28). "National Industrial Security Program Operating Manual (NISPOM)" (PDF). DSS. pp. 8–3-1. Retrieved 2013-03-07. (1.92 MB)
  5. "DSS Clearing & Sanitization Matrix" (PDF). DSS. 2007-06-28. Retrieved 2011-04-26. (98 KB)
  6. NIST (2014-12-18). Unrelated to NISP or NISPOM, National Institute of Standards and Technology (NIST) Computer Security Division Released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, 18 December 2014. Retrieved from http://csrc.nist.gov/news_events/news_archive/news_archive_2014.html#dec18.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.