Section






[Code of Federal Regulations]

[Title 32, Volume 6]

[Revised as of July 1, 2006]

From the U.S. Government Printing Office via GPO Access

[CITE: 32CFR2001.60]



[Page 491]

 

                        TITLE 32-NATIONAL DEFENSE

 

CHAPTER XX--INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND 

                         RECORDS ADMINISTRATION

 

PART 2001_CLASSIFIED NATIONAL SECURITY INFORMATION--Table of Contents

 

                       Subpart E_Self-Inspections

 

Sec.  2001.60  General [5.4].





    (a) Purpose. This subpart sets standards for establishing and 

maintaining an ongoing agency self-inspection program, which shall 

include the periodic review and assessment of the agency's classified 

product. ``Self-inspection'' means the internal review and evaluation of 

individual agency activities and the agency as a whole with respect to 

the implementation of the program established under the Order.

    (b) Applicability. These standards are binding on all executive 

branch agencies that create or handle classified information. Pursuant 

to Executive Order 12829, the National Industrial Security Program 

Operating Manual (NISPOM) prescribes the security requirements, 

restrictions and safeguards applicable to industry, including the 

conduct of contractor self-inspections. The standards established in the 

NISPOM should be consistent with the standards prescribed in Executive 

Order 12958, as amended and this part.

    (c) Responsibility. The senior agency official is responsible for 

the agency's self-inspection program. The senior agency official shall 

designate agency personnel to assist in carrying out this 

responsibility.

    (d) Approach. The official(s) responsible for the program shall 

determine the means and methods for the conduct of self-inspections. 

These may include:

    (1) A review of relevant security directives, guides and 

instructions;

    (2) Interviews with producers and users of classified information;

    (3) A review of access and control records and procedures; and

    (4) A review of a sample of classified documents generated by agency 

activities.

    (e) Frequency. The official(s) responsible for the program shall set 

the frequency of self-inspections on the basis of program needs and the 

degree of classification activity. Activities that generate significant 

amounts of classified information should conduct at least one document 

review per year.

    (f) Reporting. The format for documenting findings shall be set by 

the official(s) responsible for the program.