Section



[Code of Federal Regulations]
[Title 6, Volume 1]
[Revised as of January 1, 2007]
From the U.S. Government Printing Office via GPO Access
[CITE: 6CFR29.7]

[Page 124-125]
 
                       TITLE 6--HOMELAND SECURITY
 
   CHAPTER I--DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY
 
PART 29_PROTECTED CRITICAL INFRASTRUCTURE INFORMATION--Table of Contents
 
Sec.  29.7  Safeguarding of Protected Critical Infrastructure Information.

    (a) Safeguarding. All persons granted access to PCII are responsible 
for safeguarding such information in their possession or control. PCII 
shall be protected at all times by appropriate storage and handling. 
Each person who works with PCII is personally responsible for taking 
proper precautions to ensure that unauthorized persons do not gain 
access to it.
    (b) Background Checks on Persons with Access to PCII. For those who 
require access to PCII, DHS will, to the extent practicable and 
consistent with the purposes of the Act, undertake appropriate 
background checks to ensure that individuals with access to PCII do not 
pose a threat to national security. These checks may also be waived in 
exigent circumstances.
    (c) Use and Storage. When PCII is in the physical possession of a 
person, reasonable steps shall be taken, in accordance with procedures 
prescribed by the PCII Program Manager, to minimize the risk of access 
to PCII by unauthorized persons. When PCII is not in the physical 
possession of a person, it shall be stored in a secure environment.
    (d) Reproduction. Pursuant to procedures prescribed by the PCII 
Program Manager, a document or other material containing PCII may be 
reproduced to the extent necessary consistent with the need to carry out 
official duties, provided that the reproduced documents or material are 
marked and protected in the same manner as the original documents or 
material.
    (e) Disposal of information. Documents and material containing PCII 
may be disposed of by any method that prevents unauthorized retrieval, 
such as shredding or incineration.

[[Page 125]]

    (f) Transmission of information. PCII shall be transmitted only by 
secure means of delivery as determined by the PCII Program Manager, and 
in conformance with appropriate federal standards.
    (g) Automated Information Systems. The PCII Program Manager shall 
establish security requirements designed to protect information to the 
maximum extent practicable, and consistent with the Act, for Automated 
Information Systems that contain PCII. Such security requirements will 
be in conformance with the information technology security requirements 
in the Federal Information Security Management Act and the Office of 
Management and Budget's implementing policies.