ARMY - AR 380-49
Industrial Security Program
|Publication Date:||20 March 2013|
a. The security policies, requirements, and procedures identified in this regulation are applicable to Army personnel (military and civilian), all Army contractors performing services on an Army installation and supporting a tenant Army facility and contractors in which the Army provides oversight.
b. The National Industrial Security Program (NISP) was established by Executive Order (EO) 12829 for the protection of information classified under EO 13526, as amended, or its successor or predecessor orders and the Atomic Energy Act of 1954, as amended, placed within the hands or entrusted to the Defense Industrial Base. The National Security Council is responsible for providing overall policy direction for the NISP. The Secretary of Defense has been designated lead agent for the NISP by the President. The Director, Information Security Oversight Office, is responsible for implementing and monitoring the NISP and for issuing implementing directives that are binding on agencies. Defense Security Service (DSS) is responsible for administering the Department of Defense (DOD) ISP on behalf of all DOD agencies, the Departments of the Army, Navy, and Air Force, to include their activities, and those federal agencies which have established NISP servicing agreements with DOD.
This regulation establishes policy for the Department of the Army's Industrial Security Program (ISP). This regulation pertains to classified information and also addresses controlled unclassified information (CUI) in the hands of industry. It prescribes requirements, restrictions, and other safeguards for the ISP to prevent unauthorized disclosure of classified and CUI released to current, prospective, or former contractors, licensees, grantees, and certificate holders of the DA. This regulation addresses contractor operations on Army installations or at Army facilities. This regulation does not stipulate the enhanced security requirements for Special Access Programs (SAPs). SAP security requirements are addressed in AR 380-381 and in AR 715-30. Additionally, AR 715-30 provides policy and guidance to support a secure contracting environment and activities having special security or operational requirements. The ISP is administered by the Deputy Chief of Staff, G-2 (DCS, G-2).