DoD Directive 5220.22-M: National Industrial Security Program Operating Manual
April 7, 2006
The Feb. 28, 2006 reissuance of 5220.22-M - National Industrial Security Program Operating Manual (NISPOM) provides baseline standards for the protection of classified information released or disclosed in connection with classified contracts under the National Industrial Security Program (NISP).
The manual controls the authorized disclosure of classified information released by U.S. government executive branch departments and agencies to their contractors.
It also prescribes the procedures, requirements, restrictions and other safeguards to protect special classes of classified information including Restricted Data (RD), Formerly Restricted Data (FRD), intelligence sources and methods information, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) information.
The manual applies to and shall be used by contractors to safeguard classified information released during all phases of the contracting, licensing and grant process, including bidding, negotiation, award, performance and termination.
It also applies to classified information not released under a contract, license, certificate or grant and to foreign government information furnished to contractors that requires protection in the interest of national security. The manual implements applicable federal statutes, executive orders, national directives, international treaties and certain government-to-government agreements.
The manual does not contain protection requirements for special nuclear material.
The Secretary of Defense entered into agreements with the departments and agencies listed below for the purpose of rendering industrial security services.
This delegation of authority is contained in an exchange of letters between the Secretary of Defense and:
- Administrator, National Aeronautics and Space Administration (NASA).
- Secretary of Commerce.
- Administrator, General Services Administration (GSA).
- Secretary of State.
- Administrator, Small Business Administration (SBA).
- Director, National Science Foundation (NSF).
- Secretary of the Treasury.
- Secretary of Transportation.
- Secretary of the Interior.
- Secretary of Agriculture.
- Secretary of Labor.
- Administrator, Environmental Protection Agency (EPA).
- Attorney general, Department of Justice (DOJ).
- Chairman, Board of Governors, Federal Reserve System (FRS).
- Comptroller general of the U.S.
- Government Accountability Office (GAO).
- Director of administrative services, U.S. Trade Representative (USTR).
- Director of administration, U.S. International Trade Commission (USITC).
- Administrator, U.S. Agency for International Development (USAID).
- Executive director for operations of the Nuclear Regulatory Commission (NRC).
- Secretary of Education.
- Secretary of Health and Human Services.
- Secretary of Homeland Security.
- Deputy managing director, Federal Communications Commission (FCC).
Security cognizance remains with each federal department or agency unless lawfully delegated. The term Cognizant Security Agency (CSA) denotes the Department of Defense (DoD), the Department of Energy (DOE), the NRC and the Central Intelligence Agency (CIA).
The secretary of defense, the secretary of energy, the director of the CIA and the chairman of the NRC may delegate any aspect of security administration regarding classified activities and contracts under their purview within the CSA or to another CSA.
Responsibility for security administration may be further delegated by a CSA to one or more Cognizant Security Offices (CSO). It is the obligation of each CSA to inform the industry of the applicable CSO.
The designation of a CSO does not relieve any Government Contracting Activity (GCA) of the responsibility to protect and safeguard the classified information necessary for its classified contracts or from visiting the contractor to review the security aspects of such contracts.
Nothing in this manual affects the authority of the head of an agency to limit, deny or revoke access to classified information under its statutory, regulatory or contract jurisdiction if that agency head determines that the security of the nation requires it.
Periodic security reviews of all cleared contractor facilities will be conducted to ensure that safeguards employed by contractors are adequate for the protection of classified information.
The full text of DoD 5220.22-M - National Industrial Security Program Operating Manual (NISPOM) can be found at the Defense Technical Information Center web site.