DODD 5220.22-M SUPP 1
NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL
|Publication Date:||1 February 1995|
a. This Supplement provides special security measures to ensure the integrity of SAPS, Critical SECRET Restricted Data (SRD), and TOP SECRET Restricted Data (TSRD) and imposes controls supplemental to security measures prescribed in the NISPOM for classified contracts. Supplemental measures fall under the cognizance of the DoD DCI, DOE, NRC or other CSA as appropriate. See page 1-1-2 for figure 1, SAP Government and Contractor Relationships. additionally, specific contract provisions pertaining to these measures applicable to associated unacknowledged activities will be separately provided. Any department, Agency, or other organizational structure amplifying instructions will be inserted immediately following the applicable security options selected from the NISPOMUSUP. This will facilitate providing a contractor with a supplement that is overprinted with the options selected.
b. Security Options. This Supplement contains security options from which specific security measures may be selected for individual programs. The options selected shall be specifically addressed in the Program Security Guide (PSG) and/or identified in the Contract. The PSG shall be endorsed by the CSA or his her designee, establishing the program, although, as a rule, the DCIDs sets the upper limits. In some cases, security or sensitise factors may require security measures that exceed DCID standards. In such cases, the higher standards shall be listed separately and specifically endorsed by the CSA creating the program and may be reflected as an overprint to this Supplement.
a. The policy and guidance contained herein and imposed by contract is binding upon all persons who are granted access to SAP information. Acceptance of the contract security measures is a prerequisite to any negotiations leading to Program participation and accreditation of a Special Access Program Facility (SAPF).
b. The following is restated from the baseline for clarity. If a contractor determines that implementation of any provision of this Supplement is more costly that provisions imposed under previous U.S. Government policies, standards, or requirements, the contractor shall notify the Cognizant Security Agency. Contractors shall, however, implement any such provision within three years from the date of this Supplement, unless a written exception is granted by the CSA.
c. The DCIDs apply to all SCI and DCI programs and any other SAP that selects them as the program security measures.