Section



[Code of Federal Regulations]
[Title 32, Volume 6]
[Revised as of July 1, 2004]
From the U.S. Government Printing Office via GPO Access
[CITE: 32CFR2001.60]

[Page 491]
 
                        TITLE 32-NATIONAL DEFENSE
 
CHAPTER XX--INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND 
                         RECORDS ADMINISTRATION
 
PART 2001_CLASSIFIED NATIONAL SECURITY INFORMATION--Table of Contents
 
                       Subpart E_Self-Inspections
 
Sec. 2001.60  General [5.4].


    (a) Purpose. This subpart sets standards for establishing and 
maintaining an ongoing agency self-inspection program, which shall 
include the periodic review and assessment of the agency's classified 
product. ``Self-inspection'' means the internal review and evaluation of 
individual agency activities and the agency as a whole with respect to 
the implementation of the program established under the Order.
    (b) Applicability. These standards are binding on all executive 
branch agencies that create or handle classified information. Pursuant 
to Executive Order 12829, the National Industrial Security Program 
Operating Manual (NISPOM) prescribes the security requirements, 
restrictions and safeguards applicable to industry, including the 
conduct of contractor self-inspections. The standards established in the 
NISPOM should be consistent with the standards prescribed in Executive 
Order 12958, as amended and this part.
    (c) Responsibility. The senior agency official is responsible for 
the agency's self-inspection program. The senior agency official shall 
designate agency personnel to assist in carrying out this 
responsibility.
    (d) Approach. The official(s) responsible for the program shall 
determine the means and methods for the conduct of self-inspections. 
These may include:
    (1) A review of relevant security directives, guides and 
instructions;
    (2) Interviews with producers and users of classified information;
    (3) A review of access and control records and procedures; and
    (4) A review of a sample of classified documents generated by agency 
activities.
    (e) Frequency. The official(s) responsible for the program shall set 
the frequency of self-inspections on the basis of program needs and the 
degree of classification activity. Activities that generate significant 
amounts of classified information should conduct at least one document 
review per year.
    (f) Reporting. The format for documenting findings shall be set by 
the official(s) responsible for the program.