32 C.F.R. Subpart A—Implementation and Oversight
Title 32 - National Defense
The Director ISOO shall: (a) Implement EO 12829, as amended. 1 Bracketed references pertain to related sections of Executive Order 12829, as amended by E.O. 12885. (b) Ensure that the NISP is operated as a single, integrated program across the Executive Branch of the Federal Government; i.e., that the Executive Branch departments and agencies adhere to NISP principles. (c) Ensure that each contractor's implementation of the NISP is overseen by a single Cognizant Security Authority (CSA), based on a preponderance of classified contracts per agreement by the CSAs. (d) Ensure that all Executive Branch departments and agencies that contract for classified work have included the Security Requirements clause, 52.204–2, from the Federal Acquisition Regulation (FAR), or an equivalent clause, in such contract. (e) Ensure that those Executive Branch departments and agencies for which the Department of Defense (DoD) serves as the CSA have entered into agreements with the DoD that establish the terms of the Secretary's responsibilities on behalf of those agency heads. (a) Reviews and Updates. All implementing regulations, internal rules, or guidelines that pertain to the NISP shall be reviewed and updated by the originating agency, as circumstances require. If a change in national policy necessitates a change in agency implementing regulations, internal rules, or guidelines that pertain to the NISP, the agency shall promptly issue revisions. (b) Reviews by ISOO. The Director, ISOO, shall review agency implementing regulations, internal rules, or guidelines, as necessary, to ensure consistency with NISP policies and procedures. Such reviews should normally occur during routine oversight visits, when there is indication of a problem that comes to the attention of the Director, ISOO, or after a change in national policy that impacts such regulations, rules, or guidelines. The Director, ISOO, shall provide findings from such reviews to the responsible department or agency. The Director, ISOO, shall fulfill his monitoring role based, in part, on information received from NISP Policy Advisory Committee (NISPPAC) members, from on-site reviews that ISOO conducts under the authority of EO 12829, as amended, and from complaints and suggestions from persons within or outside the Government. Findings shall be reported to the responsible department or agency.
Title 32: National Defense
PART 2004—NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1
Subpart A—Implementation and Oversight
§ 2004.10 Responsibilities of the Director, Information Security Oversight Office (ISOO) [102(b)].1
§ 2004.11 Agency Implementing Regulations, Internal Rules, or Guidelines [102(b)(3)].
§ 2004.12 Reviews by ISOO [102(b)(4)].
