Section






[Code of Federal Regulations]

[Title 32, Volume 6]

[Revised as of July 1, 2006]

From the U.S. Government Printing Office via GPO Access

[CITE: 32CFR2001.40]



[Page 483-484]

 

                        TITLE 32-NATIONAL DEFENSE

 

CHAPTER XX--INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND 

                         RECORDS ADMINISTRATION

 

PART 2001_CLASSIFIED NATIONAL SECURITY INFORMATION--Table of Contents

 

                         Subpart D_Safeguarding

 

Sec.  2001.40  General [4.1].





    (a) Classified information, regardless of its form, shall be 

afforded a level of protection against loss or unauthorized disclosure 

commensurate with its level of classification.

    (b) Except for NATO and other foreign government information, agency 

heads or their designee(s) (hereinafter referred to as agency heads) may 

adopt alternative measures, using risk management principles, to protect 

against loss or unauthorized disclosure when necessary to meet 

operational requirements. When alternative measures are used for other 

than temporary, unique situations, the alternative measures shall be 

documented and provided to the Director, Information Security Oversight 

Office (ISOO), to facilitate that office's oversight responsibility. 

Upon request, the description shall be provided to any other agency with 

which classified information or secure facilities are shared. In all 

cases, the alternative measures shall provide protection sufficient to 

reasonably deter and detect loss or unauthorized disclosure. Risk 

management factors considered will include sensitivity, value and 

crucial nature of the information; analysis of known and anticipated 

threats; vulnerability; and countermeasure benefits versus cost.

    (c) NATO classified information shall be safeguarded in compliance 

with U.S.



[[Page 484]]



Security Authority for NATO Instructions I-69 and I-70. Other foreign 

government information shall be safeguarded as described herein for U.S. 

information except as required by an existing treaty, agreement or other 

obligation (hereinafter, obligation). When the information is to be 

safeguarded pursuant to an existing obligation, the additional 

requirements at Sec.  2001.53 may apply to the extent they were required 

in the obligation as originally negotiated or are agreed upon during 

amendment. Negotiations on new obligations or amendments to existing 

obligations shall strive to bring provisions for safeguarding foreign 

government information into accord with standards for safeguarding U.S. 

information as described in this Directive.

    (d) An agency head who originates or handles classified information 

shall refer any matter pertaining to the implementation of this 

Directive that he or she cannot resolve to the Director, ISOO for 

resolution.